Well, kids with a *real* education, sure!

On Sat, Feb 18, 2012 at 8:13 PM, C. Mundi <[email protected]> wrote:
> Do kids even know who Dylan is anymore? LOL!
> On Feb 18, 2012 11:07 AM, "Avi Deitcher" <[email protected]> wrote:
>
>> Played trivial pursuit with the kids today, it came up, I got the answer!
>>
>> On Sat, Feb 18, 2012 at 8:05 PM, C. Mundi <[email protected]> wrote:
>>
>>> @deitcher: yeah. That's where I'm headed now. I really messed myself up
>>> looking for something complicated when all I needed was to send a file.
>>> BTW...Dylan is always a good example. :)
>>> On Feb 18, 2012 10:04 AM, "deitch" <[email protected]> wrote:
>>>
>>>> Yeah, I would do that. However, I would not store the files that way,
>>>> because what if one file (dylan.mp3) is accessible to three users? So
>>>> I would do
>>>>
>>>> Files: /some/private/dir/music/files/dylan.mp3 (or some other naming
>>>> convention)
>>>> Path: /downloads/:user/:musicfile
>>>>
>>>> You *cannot* get to /some/private/dir/music/files/ directly by URL,
>>>> only to /downloads/:user/:musicfile, which first checks that the user
>>>> is authenticated to /downloads/:user, then checks if :musicfile is
>>>> allowed for user, and if it is, then fetches the file from its true
>>>> path.
>>>>
>>>> On Feb 18, 3:57 am, Edward Smith <[email protected]> wrote:
>>>> > I would put them in a directory not accessible by clients, and have node
>>>> > route urls with specific hashes, for each file for each user. The route
>>>> > could be something like /$user/download/$hash (anything with a $ in front
>>>> > of it will vary based off of user). The combination of $user and $hash
>>>> > should be stored in a database so you can find out if it is valid and what
>>>> > file it should be. Then send the file.
>>>> >
>>>> > I have never implemented something like this, but this is how I would
>>>> > probably do it.
>>>> >
>>>> > On Fri, Feb 17, 2012 at 5:45 PM, C. Mundi <[email protected]> wrote:
>>>> > > This is obviously a solved problem. I don't want to reinvent the wheel.
>>>> > >
>>>> > > Imagine a digital music store. I have a set of static files which I need
>>>> > > to serve only to authenticated users. So the set of accessible files
>>>> > > depends on the user. How do I let each user get the files she is entitled
>>>> > > to and no other files?
>>>> > >
>>>> > > Bad Idea 1: security by obscurity: hide the files behind query strings
>>>> > > generated on the fly for session.user in the form of nasty looking hard to
>>>> > > guess hashes. Ugly hack and vulnerable to brute force hash collision.
>>>> > > Yuck!
>>>> > >
>>>> > > Bad Idea 2: set up an instance of node-static.Server() for each
>>>> > > authenticated session, specifically serving a directory created on the fly
>>>> > > for that session and containing symlinks to all (and only) files for which
>>>> > > session.user has privileges. The main server would redirect requests for
>>>> > > files to the ad hoc static server. Kludgus maximus!
>>>> > >
>>>> > > Good Idea: what you tell me. :)
>>>> > >
>>>> > > --
>>>> > > Job Board: http://jobs.nodejs.org/
>>>> > > Posting guidelines:
>>>> > > https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
>>>> > > You received this message because you are subscribed to the Google
>>>> > > Groups "nodejs" group.
>>>> > > To post to this group, send email to [email protected]
>>>> > > To unsubscribe from this group, send email to
>>>> > > [email protected]
>>>> > > For more options, visit this group at
>>>> > > http://groups.google.com/group/nodejs?hl=en?hl=en
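
The layout deitch describes in the quoted thread above (private directory, `/downloads/:user/:musicfile`, authentication check, then entitlement check, then fetch from the true path), as an added example that is not code from any poster in the thread. The user names, the entitlement table and `getSessionUser` are hypothetical.

```javascript
const path = require('path');
const fs = require('fs');

// Private store from the thread; no URL maps to this directory.
const FILES_ROOT = '/some/private/dir/music/files';

// Constructed sample entitlements (a real store would be a database table).
// One file on disk can be granted to several users.
const ENTITLEMENTS = new Map([
  ['alice', new Set(['dylan.mp3', 'baez.mp3'])],
  ['bob', new Set(['dylan.mp3'])],
]);

// Decide the outcome of GET /downloads/:user/:musicfile.
// sessionUser comes from the authenticated session, never from the URL.
function resolveDownload(sessionUser, urlUser, musicfile) {
  if (!sessionUser) return { status: 401 };             // not logged in
  if (sessionUser !== urlUser) return { status: 403 };  // someone else's area
  const allowed = ENTITLEMENTS.get(sessionUser);
  // Same answer for "not yours" and "does not exist", so names are not leaked.
  if (!allowed || !allowed.has(musicfile)) return { status: 404 };
  // Defence in depth in case an entitlement row ever holds a path, not a name.
  if (path.basename(musicfile) !== musicfile) return { status: 404 };
  return { status: 200, path: path.join(FILES_ROOT, musicfile) };
}

// Plain http handler; getSessionUser is a hypothetical session lookup.
function makeHandler(getSessionUser) {
  return (req, res) => {
    const m = /^\/downloads\/([^/]+)\/([^/]+)$/.exec(req.url.split('?')[0]);
    let r = { status: 404 };
    try {
      if (m) r = resolveDownload(getSessionUser(req),
                                 decodeURIComponent(m[1]), decodeURIComponent(m[2]));
    } catch (e) { r = { status: 400 }; }                // malformed %-escape
    if (r.status !== 200) { res.writeHead(r.status); return res.end(); }
    res.writeHead(200, { 'Content-Type': 'audio/mpeg' });
    fs.createReadStream(r.path).on('error', () => res.destroy()).pipe(res);
  };
}
// Usage: require('http').createServer(makeHandler(lookupSession)).listen(3000);
```

Because the requested name is only ever matched against the caller's own entitlement set, a value such as `../files/dylan.mp3` is rejected before any path is built.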
