[Mongrel] secure downloads

Kevin Williams kevwil at gmail.com
Wed Jun 21 14:40:39 EDT 2006


It throws an error, as I commented in the code.

Perhaps using the Bignum in the digest and the to_s in the uri?


On 6/21/06, Josh Ferguson <josh at besquared.net> wrote:
> try not to_s with base 16 and just leaving it as a big integer.
>
> Josh
>
> Kevin Williams wrote:
> > module ApplicationHelper
> >
> >   def lighttpd_download_url( file )
> >     secret = 'foobar'
> >     uri_prefix = '/dl/'
> >     t = Time.now.to_i.to_s( base=16 )
> >     hash = Digest::MD5.new( "#{secret}/#{file}#{t}" )
> >     "#{uri_prefix}#{hash}/#{t}/#{file}"
> >   end
> >
> >   def mongrel_download_url( file )
> >     require 'digest/sha1'
> >     secret = 'foobar'
> >     uri_prefix = '/dl'
> >     timestamp = 1.minute.from_now.to_i.to_s( base=16 ) # throws "can't
> > convert Bignum into String" without the 'to_s'
> >     token = Digest::SHA1.hexdigest( secret + file + timestamp )
> >     uri = "#{uri_prefix}/?token=#{token}&relative-path=#{file}&timestamp=#{timestamp}"
> >   end
> >
> > end
> >
> > On 6/21/06, Josh Ferguson <josh at besquared.net> wrote:
> >
> >> That time stamp doesn't look quite right. Can you paste the code used to
> >> generate the URL?
> >>
> >> Josh
> >>
> >> Kevin Williams wrote:
> >>
> >>> OK, on WinXP / Ruby 1.8.4 I get an HTTP connection reset error. The
> >>> download link looks like this:
> >>>
> >>> http://localhost:3000/dl/?token=4c927cdb55be0efd4480298659a5e48306aca2c8&relative-path=foo.zip&timestamp=4498c369
> >>>
> >>> I get the same error on the Mac.
> >>>
> >>>
> >>> On 6/20/06, Kevin Williams <kevwil at gmail.com> wrote:
> >>>
> >>>
> >>>> I've got Win32, Linux, & Mac - I don't remember which OS to be honest.
> >>>> I'll go back and test again and try to give you some useful info.
> >>>>
> >>>> On 6/20/06, Josh Ferguson <josh at besquared.net> wrote:
> >>>>
> >>>>
> >>>>> What OS? The gem is super early beta so it could use a lot of work. I've
> >>>>> only tested it on win32 which means there could be a whole host of
> >>>>> errors and bad coding practices for other systems..:)
> >>>>>
> >>>>> Josh Ferguson
> >>>>>
> >>>>> Kevin Williams wrote:
> >>>>>
> >>>>>
> >>>>>> Has anyone had any success with the mongrel_secure_download gem? I
> >>>>>> keep getting "connection reset" errors.
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>> _______________________________________________
> >>>>> Mongrel-users mailing list
> >>>>> Mongrel-users at rubyforge.org
> >>>>> http://rubyforge.org/mailman/listinfo/mongrel-users
> >>>>>
> >>>>>
> >>>>>
> >>>> --
> >>>> Cheers,
> >>>>
> >>>> Kevin
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >> _______________________________________________
> >> Mongrel-users mailing list
> >> Mongrel-users at rubyforge.org
> >> http://rubyforge.org/mailman/listinfo/mongrel-users
> >>
> >>
> >
> >
> >
>
> _______________________________________________
> Mongrel-users mailing list
> Mongrel-users at rubyforge.org
> http://rubyforge.org/mailman/listinfo/mongrel-users
>


-- 
Cheers,

Kevin


More information about the Mongrel-users mailing list