Re: [mirrorbrain] Authenticating downloads?

From: Oliver Beattie <oliver_at_obeattie.com>
Date: Thu, 11 Nov 2010 13:41:50 +0200
Hi Peter,

Sorry for my delayed response — have had a bit of a crazy couple of weeks.
That's absolutely amazing you've rolled that functionality into a release, I
am over the moon and it looks like precisely what we need. I am going to be
implementing and testing it in a production environment in the next week or
so, and I'll report back if I have any problems or questions :)

Thank you also for fixing it to be able to work behind authentication…
again, this is perfect for us and means we should be able to use it without
any proxy involvement at all. I will certainly post back with whatever
script (however simple it is) we end up using on the mirrors to validate the
signatures, so anyone wanting to use it in future should find it relatively
straightforward.

Again, I can't thank you enough, I think it's absolutely unbelievable that I
was able to ask for a new feature and have it implemented in a full release
by the end of the week!

—Oliver


On 7 November 2010 20:35, Peter Pöml <peter_at_poeml.de> wrote:

> On Wed, Nov 03, 2010 at 02:27:49PM +0100, Peter Pöml wrote:
> >
> >    http://download/path/to/file          http://mirrorbrain/path/to/file
> >     ^                          \               ^                 |
> >     |                           \              |                 |
> >  download                        \             |                 |
> >  request                        basic          |                 |
> >     |                            auth -------->                  v
> >   ======                           =============            ===========
> >   client                             frontend               mirrorbrain
> >   ======                           =============            ===========
> >   ^  |  ^                          script adding                 |
> >   |  |  |                           timestamp                    |
> >   |  |  |                             |     ^                    |
> >   |  |  |                             v      \                   |
> >   |  | http://mirror1/path/to/file?stamp=abc  \                  |
> >   |  |                                         \                 v
> >   |  |
> http://mirror1/path/to/file
> >   |  |                                           (or entire mirror list)
> > file |
> >   |  v
> >   |  check stamp
> >   =======
> >   mirror1
> >   =======
>
>
> With MirrorBrain 2.14.0, the above setup can be simplified as such:
>
>
>   http://download/path/to/file
>     ^                          \
>    |                           \
>  download                        \
>  request                        basic
>    |                            auth
>  ======                  =====================
>  Client                  Apache w/ MirrorBrain
>  ======                  =====================
>  ^  |  ^                             |
>  |  |   \                            |
>   |  |    \                           |
>  |  |     \                          v
>  |  |    http://mirror1/path/to/file?stamp=abc
>  |  |
>  |  |
>  |  |
> file |
>  |  v
>  |  check stamp
>  =======
>  mirror1
>  =======
>
>
> And for the record:
>
> > You'd probably want to restrict access to the "backend" to localhost.
> > That could mean that MirrorBrain refuses to do its job, due to the fact
> > I mentioned before, regarding requests that require authentication
> > (where there is a simple but too stupid check). That I would need to fix
> > first, in order to allow MB to run behind authentication. (Which should
> > be quickly done.)
>
> That has been fixed with 2.14.0.
>
> Peter
>


_______________________________________________
mirrorbrain mailing list
Archive: http://mirrorbrain.org/archive/mirrorbrain/

Note: To remove yourself from this mailing list, send a mail with the content
 	unsubscribe
to the address mirrorbrain-request_at_mirrorbrain.org
Received on Thu Nov 11 2010 - 11:42:11 GMT

This archive was generated by hypermail 2.3.0 : Thu Nov 11 2010 - 14:17:05 GMT