<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
I just released a mongrel secure download handler on rubyforge. It's a
way to have mongrel stream files to the user without linking them
directly to the file using a time-based token authorization scheme.
Here is a more detailed description:<br>
<br>
This handler addresses the problem of having a fast and secure<br>
download mechanism for web applications. The mechanism works by having<br>
the application generate a special URI containing a token that is only
<br>
valid for a certain period of time. The server then recognizes this URI<br>
and generates a token using the parameters passed in and checks for a
match <br>
before sending the file to the user. The key to the process is the
secret <br>
string that both the server and the application are aware of.<br>
<br>
You can find the gem at the rubyforge page here<br>
<br>
<a class="moz-txt-link-freetext" href="http://rubyforge.org/projects/msecuredownload/">http://rubyforge.org/projects/msecuredownload/</a><br>
<br>
Documentation is included in the form of RDoc comments that explain
exactly how to use it.<br>
<br>
It's very easy to use and good for quickly and securely sending files
of any size from directories that are not publicly accessible. I have
tested it locally with files over 1GB in size and had no problems.
Processor usage and RAM usage are very low and mongrel continues to
serve up pages as fast as it normally does.<br>
<br>
Mongrel you are my hero,<br>
Josh Ferguson<br>
<br>
<a class="moz-txt-link-abbreviated" href="mailto:zedshaw@zedshaw.com">zedshaw@zedshaw.com</a> wrote:
<blockquote
cite="mid63815.154.20.236.245.1149020783.squirrel@webmail.zedshaw.com"
type="cite">
<blockquote type="cite">
<pre wrap="">I wrote an x-sendfile thing for the railshandler to get mongrel to catch
the response header and stream out files from an application I'm writing
but I'm pretty sure that zed said he'd built in x-sendfile somewhere
already. I couldn't find it, could someone lead me to it?
Does mongrel work with SSL? If not is anyone interested in having
someone write in SSL support? heh
Josh
</pre>
</blockquote>
<pre wrap=""><!---->
No x-sendfile support, but actually just better "sendfile" support (a
system API call and method for streaming out files better in Mongrel).
The x-sendfile stuff tends to be more application framework specific
rather than a Mongrel thing. Mongrel tries to reduce the amount of
interference with the app frameworks since they usually make their own
(more intelligent) decisions about what to send or not. Instead, each
framework just needs a plugin that adds x-sendfile and they're set.
Now, if you've got something that has a usage outside of the frameworks
then just make a gemplugin (I'll help) and publish it same way as
mongrel_cluster.
As for SSL, nothing yet. Remember that Mongrel is not intended to be a
full web server, so rather than bloat it with SSL support we just
recommend putting it behind a real web server, kssl, stunnel, or some
other "SSL heavy lifter". I think pen has experimental SSL support. You
might try that out.
Zed
_______________________________________________
Mongrel-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Mongrel-users@rubyforge.org">Mongrel-users@rubyforge.org</a>
<a class="moz-txt-link-freetext" href="http://rubyforge.org/mailman/listinfo/mongrel-users">http://rubyforge.org/mailman/listinfo/mongrel-users</a>
</pre>
</blockquote>
<br>
</body>
</html>