Best practice when making downloads more private.


Encompass solutions

Nov 10, 2013, 1:49:00 AM
to web...@googlegroups.com
I need a way to make downloads private/one time for the user.
What is the best practice for this?
* Should I need a special download script? My guess is yes.
* Should I have a special directory and how would I best do that?
* Is there a way to create one time downloads without authentication?  Some of my cases will need authentication and some not.

BR,
Jason Brower

Alan Etkin

Nov 10, 2013, 4:48:20 AM
to web...@googlegroups.com
> I need a way to make downloads private/one time for the user.
> What is the best practice for this?

Some tools I'd use:

- File blob storage fields
- File group ownership list:reference auth_group field

You could check for empty group ownership in case of no authentication needed. This approach does not require using the filesystem, nor special folders.

I don't think there is any previous available code or recipe for this case. However, I'd search this list, the book and web2pyslices before starting from scratch.

黄祥

Nov 10, 2013, 5:46:27 AM
to web...@googlegroups.com

> * Should I need a special download script? My guess is yes.

Hm, not sure about the special one. What do you want to achieve using the special download script?

> * Should I have a special directory and how would I best do that?

> * Is there a way to create one time downloads without authentication?  Some of my cases will need authentication and some not.

I think you can use conditional if else to check it and use authorization on it.

ref: 

best regards,
stifan

Niphlod

Nov 10, 2013, 7:43:38 AM
to web...@googlegroups.com


On Sunday, November 10, 2013 7:49:00 AM UTC+1, Encompass solutions wrote:
> I need a way to make downloads private/one time for the user.
> What is the best practice for this?
> * Should I need a special download script? My guess is yes.
> * Should I have a special directory and how would I best do that?

Unless stored under /static/, no. web2py has no knowledge (so, the end-user doesn't either) of files outside the /static/ dir except for uploads/, that you can however "restrict" in any way you want through the "normal" auth permission scheme.

> * Is there a way to create one time downloads without authentication?  Some of my cases will need authentication and some not.

In that case you surely have to serve files with your own controller checking for custom authorizations and such. BTW, one-time downloads are either hard to achieve or (from the end-user perspective) hard to offer. Several browser extensions download files with multiple connections to speed up the retrieval and so you can't just rely on accepting only the first request coming from that particular file (or those tools will probably error out as soon as the second connection is initiated). Usually instead of one-time-only downloads sites serve expiring links (i.e. "you can download it only for the next two days") coupled with a sane amount of trials (let's say 10, if files are not huge).
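
The expiring-link scheme described in the reply above (a time-limited link plus a bounded number of tries), as an added example that is not part of the original thread or of web2py's own code. The signing key, the in-memory counter and the function names `issue_link` and `redeem` are assumptions for illustration; a real controller would keep the counter in a database table.

```python
import base64, hashlib, hmac, secrets, time

SECRET = secrets.token_bytes(32)  # assumption: per-app key, stored outside the code base
TTL = 2 * 24 * 3600               # "the next two days" from the post
MAX_TRIES = 10                    # "a sane amount of trials" from the post
_tries = {}                       # stand-in for a DB table: link nonce -> requests served

def _sign(payload: str) -> str:
    mac = hmac.new(SECRET, payload.encode(), hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")

def issue_link(file_id: int, now=None) -> str:
    """Build a token 'file_id.expires.nonce.signature' to embed in the download URL."""
    now = time.time() if now is None else now
    payload = f"{file_id}.{int(now) + TTL}.{secrets.token_urlsafe(12)}"
    return f"{payload}.{_sign(payload)}"

def redeem(token: str, now=None):
    """Return the file id if the link is authentic, unexpired and under the try
    limit; otherwise None. Works without a logged-in user."""
    now = time.time() if now is None else now
    try:
        file_id, expires, nonce, sig = token.split(".")
        payload = f"{file_id}.{expires}.{nonce}"
        file_id, expires = int(file_id), int(expires)
    except ValueError:
        return None  # wrong number of fields or non-numeric id/expiry
    # Constant-time comparison on bytes, so a forged signature leaks no timing
    # information and non-ASCII input cannot raise.
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return None
    if now > expires:
        return None
    # Count only authenticated requests, so forged tokens cannot fill the table.
    # Every request counts, including the parallel connections a download
    # accelerator opens, which is why the limit is 10 rather than 1.
    used = _tries.get(nonce, 0)
    if used >= MAX_TRIES:
        return None
    _tries[nonce] = used + 1
    return file_id
```

In a web2py controller the returned id would select the stored file to stream back, and a `None` result would become an HTTP error response.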

Jason (spot) Brower

Nov 10, 2013, 3:10:54 PM
to web2py-users
Great input!  I think I will try the following:
Create a special directory to store the data.
Set up a special controller with the needed permissions and conditions.
Have fun and do a little dance.
Does this sound sensible?
BR,
Jason

Derek

Nov 13, 2013, 6:08:52 PM
to web...@googlegroups.com
I think you could modify rocket to return a 404 for a request with an etag or if-not-modified request in that particular folder; that should probably do it, to prevent downloads from the same device. For downloads from different devices, the approach like Niphlod said would work: set a timeframe to download the file.