[UPHPU] restricting access to assets on a public server
boucha at gmail.com
Fri Apr 8 21:04:48 MDT 2011
You could mount a network share and serve and authenticate those files like
you do in the setup you've used in the past. You could use sshfs across the
web or nfs if both servers are behind a firewall. I'm not sure how
performance would be compared to setting up a web service on the other
server to handle all that, but I think it would be a lot simpler and allow
you to work like you're accustomed to.
Let us know what you decide works best. I'm curious.
Also, you might consider using git on that folder you share with everyone.
They don't have to use it or even know, but you could keep a history and
roll back their mistakes that they'll inevitably have.
On Apr 8, 2011 4:34 PM, "Wade Preston Shearer" <wadeshearer.lists at me.com>
> I have a lot of non-technical people that need to get media assets onto a
web server (PDFs, spreadsheets, videos, images, etc). I don't want to have
to deploy it for them and I don't want the content on the same server that
our content management system is running on.
> My plan thus far consists of creating a local SMB share for them to mount
on their desktops. They can then manage (drag-n-drop) files to and from
this. A cron job will rsync these files up to a web server every ten
minutes. I've done this before and it works well.
> The obstacle that I have run into this time however is that some of the
content will need to be protected. Certain assets can be accessed by anyone
that has the URL but others will need to require that the user be
authenticated. The way I usually restrict access to a file is by putting it
on the server outside of web root and then streaming it down to the browser
through a script. The script can verify that the user is authenticated. This
doesn't work though if the assets are on a separate server.
> The only thing I have thought of thus far is putting the assets outside of
web root on the other server and reading them via a web service that
requires authentication. The service would authenticate, read the file, and
stream the bytes over to the requesting server where it would then stream it
out to the browser (forced header download).
> Good solution? Any better ideas?
> UPHPU mailing list
> UPHPU at uphpu.org
> IRC: #uphpu on irc.freenode.net
More information about the UPHPU