[Mongrel] secure downloads

Kevin Williams kevwil at gmail.com
Wed Jun 21 21:13:26 EDT 2006


OK, that did it - Thanks!

My test file was a zip file. The download window had a text file icon,
so I assume the mime type was not identified. The downloaded file
didn't work as a zip file, either. Just so you know.

Thanks for helping me get it working so far.

On 6/21/06, Josh Ferguson <josh at besquared.net> wrote:
> Keep the to_s drop the (base=16).
>
> Josh
>
> Kevin Williams wrote:
> > It throws an error, as I commented in the code.
> >
> > Perhaps using the Bignum in the digest and the to_s in the uri?
> >
> >
> > On 6/21/06, Josh Ferguson <josh at besquared.net> wrote:
> >
> >> try not to_s with base 16 and just leaving it as a big integer.
> >>
> >> Josh
> >>
> >> Kevin Williams wrote:
> >>
> >>> module ApplicationHelper
> >>>
> >>>   def lighttpd_download_url( file )
> >>>     secret = 'foobar'
> >>>     uri_prefix = '/dl/'
> >>>     t = Time.now.to_i.to_s( base=16 )
> >>>     hash = Digest::MD5.new( "#{secret}/#{file}#{t}" )
> >>>     "#{uri_prefix}#{hash}/#{t}/#{file}"
> >>>   end
> >>>
> >>>   def mongrel_download_url( file )
> >>>     require 'digest/sha1'
> >>>     secret = 'foobar'
> >>>     uri_prefix = '/dl'
> >>>     timestamp = 1.minute.from_now.to_i.to_s( base=16 ) # throws "can't
> >>> convert Bignum into String" without the 'to_s'
> >>>     token = Digest::SHA1.hexdigest( secret + file + timestamp )
> >>>     uri = "#{uri_prefix}/?token=#{token}&relative-path=#{file}&timestamp=#{timestamp}"
> >>>   end
> >>>
> >>> end
> >>>
> >>> On 6/21/06, Josh Ferguson <josh at besquared.net> wrote:
> >>>
> >>>
> >>>> That time stamp doesn't look quite right. Can you paste the code used to
> >>>> generate the URL?
> >>>>
> >>>> Josh
> >>>>
> >>>> Kevin Williams wrote:
> >>>>
> >>>>
> >>>>> OK, on WinXP / Ruby 1.8.4 I get an HTTP connection reset error. The
> >>>>> download link looks like this:
> >>>>>
> >>>>> http://localhost:3000/dl/?token=4c927cdb55be0efd4480298659a5e48306aca2c8&relative-path=foo.zip&timestamp=4498c369
> >>>>>
> >>>>> I get the same error on the Mac.
> >>>>>
> >>>>>
> >>>>> On 6/20/06, Kevin Williams <kevwil at gmail.com> wrote:
> >>>>>
> >>>>>
> >>>>>
> >>>>>> I've got Win32, Linux, & Mac - I don't remember which OS to be honest.
> >>>>>> I'll go back and test again and try to give you some useful info.
> >>>>>>
> >>>>>> On 6/20/06, Josh Ferguson <josh at besquared.net> wrote:
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>> What OS? The gem is super early beta so it could use a lot of work. I've
> >>>>>>> only tested it on win32 which means there could be a whole host of
> >>>>>>> errors and bad coding practices for other systems..:)
> >>>>>>>
> >>>>>>> Josh Ferguson
> >>>>>>>
> >>>>>>> Kevin Williams wrote:
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>> Has anyone had any success with the mongrel_secure_download gem? I
> >>>>>>>> keep getting "connection reset" errors.
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>> _______________________________________________
> >>>>>>> Mongrel-users mailing list
> >>>>>>> Mongrel-users at rubyforge.org
> >>>>>>> http://rubyforge.org/mailman/listinfo/mongrel-users
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>> --
> >>>>>> Cheers,
> >>>>>>
> >>>>>> Kevin
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>
> >>>> _______________________________________________
> >>>> Mongrel-users mailing list
> >>>> Mongrel-users at rubyforge.org
> >>>> http://rubyforge.org/mailman/listinfo/mongrel-users
> >>>>
> >>>>
> >>>>
> >>>
> >>>
> >> _______________________________________________
> >> Mongrel-users mailing list
> >> Mongrel-users at rubyforge.org
> >> http://rubyforge.org/mailman/listinfo/mongrel-users
> >>
> >>
> >
> >
> >
>
> _______________________________________________
> Mongrel-users mailing list
> Mongrel-users at rubyforge.org
> http://rubyforge.org/mailman/listinfo/mongrel-users
>


-- 
Cheers,

Kevin


More information about the Mongrel-users mailing list