Hi,
We are planning to implement a solution where we host user photos and
video files like flickr does. And, as a typical solution, we are
planning to host these files on a NAS, put an apache server in front
of this NAS and place a squid proxy cache as the entry point. Our
application will be hosted on application servers, and it must have a
different domain name, i.e. application will be accessed via x.com and
squid (and hence multimedia files) will be accessed via y.com, so
there is no way of sharing authentication state and/or cookies and I
don't want users to double authenticate for usability reasons.
But, some of these photos and videos need to be protected, for example
a user might choose to limit access to a photo by his friends only.
I looked at how flickr does it, and they do something like
authorization by URL. I mean, the URL is specifically generated and it
is a long URL, but if you give this URL to anyone (or if anyone sniffs
the network), they can access this photo.
What I am thinking about doing is to generate time sensitive URLs (URL
will be valid for 20 minutes). When application generates a page and
places a link to this photo in the page, the URL will be something
like http://www.y.com/asdkhjasd01.gif?t=time_t&hash=z and I can use
Squid redirector plugin to verify the timestamp and allow access to
it.
So, my question is do you think Flickr's scheme is secure enough? If
so, what I will be doing is even more secure, and it will let squid
cache it for 20 minutes.
Can you please recommend anything better and/or more secure and fast?
I would appreciate it if you can share your experience in this matter.
Thanks.
Received on Mon Jul 27 2009 - 19:05:51 MDT
This archive was generated by hypermail 2.2.0 : Tue Jul 28 2009 - 12:00:05 MDT