Ry4an Brase wrote:
On Fri, Sep 10, 2010 at 03:19:54PM -0400, Nate Coraor wrote:
Davide Cittaro wrote:
For selected items "get the public link"
that saves a text file with all the public links (or copies them to pasteboard, or simply displays them in another window....) so that one can use that info to script the download somewhere else (and at any time)... Any suggestion is welcome! :-) Hi Davide,
I wrote up a proof of concept for this that basically does the latter of your suggestions and displays the links on the resulting page after clicking "Go" in the library. One problem, though, is that unless the server is using HTTP Authentication, users will not be able to access any non-public files this way.
Another way around that is to have the public link be a 128-random-bits-as-hex URL which gets stashed in a table suitable for lookup. Then anyone with the non-guessable URL to that download/result can pull it using a copy/pasteable/wgetable URL and if they share it they're only sharing that result, which is what they think they're doing.
That is, of course, some work to code though.
It makes me a bit nervous as that is essentially an end-run on our established security model. It seems like creating public links to private data is something a user should do very explicitly, with warnings, and there should be a clear way to disable the links. Perhaps the links should only be valid for 1 (or a user defined count that defaults to 1) download. --nate