I just released a mongrel secure download handler on rubyforge. It''s a
way to have mongrel stream files to the user without linking them
directly to the file using a time-based token authorization scheme.
Here is a more detailed description:
This handler addresses the problem of having a fast and secure
download mechanism for web applications. The mechanism works by having
the application generate a special URI containing a token that is only
valid for a certain period of time. The server then recognizes this URI
and generates a token using the parameters passed in and checks for a
match
before sending the file to the user. The key to the process is the
secret
string that both the server and the application are aware of.
You can find the gem at the rubyforge page here
http://rubyforge.org/projects/msecuredownload/
Documentation is included in the form of RDoc comments that explain
exactly how to use it.
It''s very easy to use and good for quickly and securely sending files
of any size from directories that are not publicly accessible. I have
tested it locally with files over 1GB in size and had no problems.
Processor usage and RAM usage are very low and mongrel continues to
serve up pages as fast as it normally does.
Mongrel you are my hero,
Josh Ferguson
zedshaw-dd7LMGGEL7NBDgjK7y7TUQ@public.gmane.org wrote:
I wrote an x-sendfile thing for the railshandler to get mongrel to catch
the response header and stream out files from an application I''m
writing
but I''m pretty sure that zed said he''d built in x-sendfile
somewhere
already. I couldn''t find it, could someone lead me to it?
Does mongrel work with SSL? If not is anyone interested in having
someone write in SSL support? heh
Josh
No x-sendfile support, but actually just better "sendfile" support (a
system API call and method for streaming out files better in Mongrel).
The x-sendfile stuff tends to be more application framework specific
rather than a Mongrel thing. Mongrel tries to reduce the amount of
interference with the app frameworks since they usually make their own
(more intelligent) decisions about what to send or not. Instead, each
framework just needs a plugin that adds x-sendfile and they''re set.
Now, if you''ve got something that has a usage outside of the frameworks
then just make a gemplugin (I''ll help) and publish it same way as
mongrel_cluster.
As for SSL, nothing yet. Remember that Mongrel is not intended to be a
full web server, so rather than bloat it with SSL support we just
recommend putting it behind a real web server, kssl, stunnel, or some
other "SSL heavy lifter". I think pen has experimental SSL support.
You
might try that out.
Zed
_______________________________________________
Mongrel-users mailing list
Mongrel-users-GrnCvJ7WPxnNLxjTenLetw@public.gmane.org
http://rubyforge.org/mailman/listinfo/mongrel-users