I just released a mongrel secure download handler on rubyforge. It's a
way to have mongrel stream files to the user without linking them
directly to the file using a time-based token authorization scheme.
Here is a more detailed description: This handler addresses the problem of having a fast and secure download mechanism for web applications. The mechanism works by having the application generate a special URI containing a token that is only valid for a certain period of time. The server then recognizes this URI and generates a token using the parameters passed in and checks for a match before sending the file to the user. The key to the process is the secret string that both the server and the application are aware of. You can find the gem at the rubyforge page here http://rubyforge.org/projects/msecuredownload/ Documentation is included in the form of RDoc comments that explain exactly how to use it. It's very easy to use and good for quickly and securely sending files of any size from directories that are not publicly accessible. I have tested it locally with files over 1GB in size and had no problems. Processor usage and RAM usage are very low and mongrel continues to serve up pages as fast as it normally does. Mongrel you are my hero, Josh Ferguson [EMAIL PROTECTED] wrote: I wrote an x-sendfile thing for the railshandler to get mongrel to catch the response header and stream out files from an application I'm writing but I'm pretty sure that zed said he'd built in x-sendfile somewhere already. I couldn't find it, could someone lead me to it?Does mongrel work with SSL? If not is anyone interested in having someone write in SSL support? heh JoshNo x-sendfile support, but actually just better "sendfile" support (a system API call and method for streaming out files better in Mongrel). The x-sendfile stuff tends to be more application framework specific rather than a Mongrel thing. Mongrel tries to reduce the amount of interference with the app frameworks since they usually make their own (more intelligent) decisions about what to send or not. Instead, each framework just needs a plugin that adds x-sendfile and they're set. Now, if you've got something that has a usage outside of the frameworks then just make a gemplugin (I'll help) and publish it same way as mongrel_cluster. As for SSL, nothing yet. Remember that Mongrel is not intended to be a full web server, so rather than bloat it with SSL support we just recommend putting it behind a real web server, kssl, stunnel, or some other "SSL heavy lifter". I think pen has experimental SSL support. You might try that out. Zed _______________________________________________ Mongrel-users mailing list Mongrel-users@rubyforge.org http://rubyforge.org/mailman/listinfo/mongrel-users |
_______________________________________________ Mongrel-users mailing list Mongrel-users@rubyforge.org http://rubyforge.org/mailman/listinfo/mongrel-users