[Mongrel] secure downloads

Josh Ferguson josh at besquared.net
Wed Jun 21 14:00:53 EDT 2006


try not to_s with base 16 and just leaving it as a big integer.

Josh

Kevin Williams wrote:
> module ApplicationHelper
>
>   def lighttpd_download_url( file )
>     secret = 'foobar'
>     uri_prefix = '/dl/'
>     t = Time.now.to_i.to_s( base=16 )
>     hash = Digest::MD5.new( "#{secret}/#{file}#{t}" )
>     "#{uri_prefix}#{hash}/#{t}/#{file}"
>   end
>
>   def mongrel_download_url( file )
>     require 'digest/sha1'
>     secret = 'foobar'
>     uri_prefix = '/dl'
>     timestamp = 1.minute.from_now.to_i.to_s( base=16 ) # throws "can't
> convert Bignum into String" without the 'to_s'
>     token = Digest::SHA1.hexdigest( secret + file + timestamp )
>     uri = "#{uri_prefix}/?token=#{token}&relative-path=#{file}&timestamp=#{timestamp}"
>   end
>
> end
>
> On 6/21/06, Josh Ferguson <josh at besquared.net> wrote:
>   
>> That time stamp doesn't look quite right. Can you paste the code used to
>> generate the URL?
>>
>> Josh
>>
>> Kevin Williams wrote:
>>     
>>> OK, on WinXP / Ruby 1.8.4 I get an HTTP connection reset error. The
>>> download link looks like this:
>>>
>>> http://localhost:3000/dl/?token=4c927cdb55be0efd4480298659a5e48306aca2c8&relative-path=foo.zip&timestamp=4498c369
>>>
>>> I get the same error on the Mac.
>>>
>>>
>>> On 6/20/06, Kevin Williams <kevwil at gmail.com> wrote:
>>>
>>>       
>>>> I've got Win32, Linux, & Mac - I don't remember which OS to be honest.
>>>> I'll go back and test again and try to give you some useful info.
>>>>
>>>> On 6/20/06, Josh Ferguson <josh at besquared.net> wrote:
>>>>
>>>>         
>>>>> What OS? The gem is super early beta so it could use a lot of work. I've
>>>>> only tested it on win32 which means there could be a whole host of
>>>>> errors and bad coding practices for other systems..:)
>>>>>
>>>>> Josh Ferguson
>>>>>
>>>>> Kevin Williams wrote:
>>>>>
>>>>>           
>>>>>> Has anyone had any success with the mongrel_secure_download gem? I
>>>>>> keep getting "connection reset" errors.
>>>>>>
>>>>>>
>>>>>>
>>>>>>             
>>>>> _______________________________________________
>>>>> Mongrel-users mailing list
>>>>> Mongrel-users at rubyforge.org
>>>>> http://rubyforge.org/mailman/listinfo/mongrel-users
>>>>>
>>>>>
>>>>>           
>>>> --
>>>> Cheers,
>>>>
>>>> Kevin
>>>>
>>>>
>>>>         
>>>
>>>       
>> _______________________________________________
>> Mongrel-users mailing list
>> Mongrel-users at rubyforge.org
>> http://rubyforge.org/mailman/listinfo/mongrel-users
>>
>>     
>
>
>   



More information about the Mongrel-users mailing list