Re: [mirrorbrain] Authenticating downloads?

From: Peter Pml <peter_at_poeml.de>
Date: Sat, 1 Jan 2011 17:25:31 +0100
On Thu, Nov 04, 2010 at 09:33:31PM +0100, Peter Pml wrote:
> On Thu, Nov 04, 2010 at 03:27:27PM +0100, Peter Pml wrote:
> > I spent a little time playing with this. I basically implemented
> > creating such temporary links in MirrorBrain. 
> > 
> > A quick and easy way to implement this is adding two things to the URL:
> > the request time as seconds since epoch, and a MD5 hash from a string
> > concatenated of epoch time and a shared secret. 
> 
> By the way, if downloads from mirrors should be more restricted, we
> could add the clients IP address into the ticket.
> 
> Peter

By accident, I stumbled over a similar implementation today:
http://www.cisco.com/en/US/docs/video/cds/cda/is/2_5/configuration_guide/URLsigning.html

It seems that Cisco practically does the same thing in their "Internet 
Streamer CDS" product (which is a Content Delivery Network solution).
They have a few more options (ability to choose from several keys,
symmetric and asymmetric keys, added IP address), but otherwise the idea
is exactly the same it seems.

(Adding the IP address would only work properly, I think, if the 
redirector and the mirrors are reached over the same version of the IP 
protocol -- either by IPv4 or IPv6. If the mirror server is reached by a
different version, the IP would obviously not match.)

Peter


_______________________________________________
mirrorbrain mailing list
Archive: http://mirrorbrain.org/archive/mirrorbrain/

Note: To remove yourself from this mailing list, send a mail with the content
 	unsubscribe
to the address mirrorbrain-request_at_mirrorbrain.org
Received on Sat Jan 01 2011 - 16:25:36 GMT

This archive was generated by hypermail 2.3.0 : Sun Feb 27 2011 - 12:32:11 GMT