[Mongrel] secure downloads

Josh Ferguson josh at besquared.net
Wed Jun 21 19:37:48 EDT 2006


Keep the to_s, drop the (base=16).

Josh

Kevin Williams wrote:
> It throws an error, as I commented in the code.
>
> Perhaps using the Bignum in the digest and the to_s in the uri?
>
>
> On 6/21/06, Josh Ferguson <josh at besquared.net> wrote:
>   
>> Try not using to_s with base 16 and just leave it as a big integer.
>>
>> Josh
>>
>> Kevin Williams wrote:
>>     
>>> module ApplicationHelper
>>>
>>>   def lighttpd_download_url( file )
>>>     secret = 'foobar'
>>>     uri_prefix = '/dl/'
>>>     t = Time.now.to_i.to_s( base=16 )
>>>     hash = Digest::MD5.hexdigest( "#{secret}/#{file}#{t}" )
>>>     "#{uri_prefix}#{hash}/#{t}/#{file}"
>>>   end
>>>
>>>   def mongrel_download_url( file )
>>>     require 'digest/sha1'
>>>     secret = 'foobar'
>>>     uri_prefix = '/dl'
>>>     # throws "can't convert Bignum into String" without the 'to_s'
>>>     timestamp = 1.minute.from_now.to_i.to_s( base=16 )
>>>     token = Digest::SHA1.hexdigest( secret + file + timestamp )
>>>     uri = "#{uri_prefix}/?token=#{token}&relative-path=#{file}&timestamp=#{timestamp}"
>>>   end
>>>
>>> end
>>>
>>> On 6/21/06, Josh Ferguson <josh at besquared.net> wrote:
>>>
>>>       
>>>> That time stamp doesn't look quite right. Can you paste the code used to
>>>> generate the URL?
>>>>
>>>> Josh
>>>>
>>>> Kevin Williams wrote:
>>>>
>>>>         
>>>>> OK, on WinXP / Ruby 1.8.4 I get an HTTP connection reset error. The
>>>>> download link looks like this:
>>>>>
>>>>> http://localhost:3000/dl/?token=4c927cdb55be0efd4480298659a5e48306aca2c8&relative-path=foo.zip&timestamp=4498c369
>>>>>
>>>>> I get the same error on the Mac.
>>>>>
>>>>>
>>>>> On 6/20/06, Kevin Williams <kevwil at gmail.com> wrote:
>>>>>
>>>>>
>>>>>           
>>>>>> I've got Win32, Linux, & Mac - I don't remember which OS to be honest.
>>>>>> I'll go back and test again and try to give you some useful info.
>>>>>>
>>>>>> On 6/20/06, Josh Ferguson <josh at besquared.net> wrote:
>>>>>>
>>>>>>
>>>>>>             
>>>>>>> What OS? The gem is super early beta so it could use a lot of work. I've
>>>>>>> only tested it on win32 which means there could be a whole host of
>>>>>>> errors and bad coding practices for other systems..:)
>>>>>>>
>>>>>>> Josh Ferguson
>>>>>>>
>>>>>>> Kevin Williams wrote:
>>>>>>>
>>>>>>>
>>>>>>>               
>>>>>>>> Has anyone had any success with the mongrel_secure_download gem? I
>>>>>>>> keep getting "connection reset" errors.
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>                 
>>>>>>> _______________________________________________
>>>>>>> Mongrel-users mailing list
>>>>>>> Mongrel-users at rubyforge.org
>>>>>>> http://rubyforge.org/mailman/listinfo/mongrel-users
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>               
>>>>>> --
>>>>>> Cheers,
>>>>>>
>>>>>> Kevin
>>>>>>
>>>>>>
>>>>>>
>>>>>>             
>
>
>   
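
Added example (not code from the thread or from the mongrel_secure_download gem): a generator and a matching verifier for the token construction Kevin posted, showing why both sides must agree on the timestamp encoding. The verifier, the helper names and the decimal-seconds timestamp format are assumptions; the gem's own handler does not appear on this page.

```ruby
require 'digest/sha1'
require 'uri'

SECRET = 'foobar' # placeholder from the thread; load a real secret from configuration

# Token construction as posted in the thread: SHA1 over secret + file + timestamp.
def download_token(file, timestamp)
  Digest::SHA1.hexdigest(SECRET + file + timestamp)
end

# Hypothetical helper: query string carrying a decimal Unix expiry time.
def signed_query(file, ttl: 60, now: Time.now.to_i)
  timestamp = (now + ttl).to_s
  URI.encode_www_form('token' => download_token(file, timestamp),
                      'relative-path' => file, 'timestamp' => timestamp)
end

# Compare two strings without returning early on the first differing byte.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Hypothetical server-side check; assumes the timestamp is decimal seconds.
def verify(query, now: Time.now.to_i)
  params = URI.decode_www_form(query).to_h
  token, file, timestamp = params.values_at('token', 'relative-path', 'timestamp')
  return :malformed unless token && file && timestamp
  # Strict parse: "4498c369".to_i would silently yield 4498, so reject non-digits.
  return :bad_timestamp unless timestamp.match?(/\A\d+\z/)
  return :bad_token unless secure_compare(download_token(file, timestamp), token)
  return :expired if timestamp.to_i < now
  :ok
rescue ArgumentError # invalid percent-encoding in the query string
  :malformed
end

if __FILE__ == $PROGRAM_NAME
  query = signed_query('foo.zip')
  puts verify(query)                           # fresh link
  puts verify(query, now: Time.now.to_i + 120) # same link after the expiry time
end
```

A generator that emits the timestamp in hex, like the link quoted in the thread, is rejected by this verifier with `:bad_timestamp` rather than being read as a different expiry time.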


