Re: [Nolug] Download manager

From: Kevin Kreamer <kevin_at_kreamer.org>
Date: Sun, 06 Nov 2005 13:57:00 -0600
Message-ID: <436E600C.40402@kreamer.org>

Chuck wrote:
> I’m looking for some sort of web application that will help me manage a
> long list of files on a web server. I have a list of files in a web
> directory protected by htaccess. When I need to download a file I simply
> enter in the password and get a directory listing then I can download
> whatever I want. The problem arises when I want to give someone else
> access to a single file. I don’t want to give them access to all of the
> files in the directory so what I’ve been doing is moving the one file I
> want to give them to an unprotected directory, let them download it and
> then moving the file back to the protected directory.
>
>
>
> There must be some PERL or PHP script that lists all the files in that
> directory, let me choose one that I want to give temporary access to,
> and then assign a one time password to it. Then I can provide the person
> a link, a one time password and then forget about it. After they click
> the link and enter the password to download the file, the password is
> automatically erased so I never have to worry about it again. I’ve been
> searching through Freshmeat.net but I can’t find such a script. Anyone
> have any ideas on where I can find something like this?

I don't know of a script that already exists, but one wouldn't be hard
to write. The basic idea would be to keep the files outside of the web
area (or in your protected directory, I guess), and then have the script
pipe the file out to your user. The script itself would have to handle
doing the authentication itself.

Were you planning on keeping the file list and authentication
information in a database, or use some flat files on the server? The
other issue (and it is an issue if you use htaccess, too) is that you
would probably want to SSL encrypt the connection. I realise that it's
less of a vulnerability because they are one time passwords, but it's
still a small issue. The last thing I can think of is that you might
want to do a time limit (like 24 hours or something) instead of just one
download, because of the variety of things that could happen during that
download (dropped connections, corrupted downloads, user error, etc.).

Kevin
___________________
Nolug mailing list
nolug@nolug.org
Received on 11/06/05

This archive was generated by hypermail 2.2.0 : 12/19/08 EST