On Mon, Sep 13, 2010 at 01:01:36PM -0400, Nate Coraor wrote:
> It makes me a bit nervous as that is essentially an end-run on our established security model. It seems like creating public links to private data is something a user should do very explicitly, with warnings, and there should be a clear way to disable the links. Perhaps the links should only be valid for 1 (or a user defined count that defaults to 1) download.
Making the 'publish' URLs something one requests the creation of and something one can invalidate manually are certainly positives. With both of those in place you've pretty much described the "private" class of data in Google's docs, maps, and picasa products.

In other contexts I've tried each of:

- urls that are only valid N times
- urls that are only valid N minutes after their creation
- urls that are only valid N minutes after their first use
- urls that are only valid X times in N minutes after their first use

and concluded they're just unworkable for a bunch of annoying reasons:

- people want to test URLs before they email them
- content filtering proxy servers sometimes test URLs before the browser gets a crack at it
- browser/wget download resume re-accesses the same URL (with a range-request)

with the bug reports showing up as "worked and then didn't!". Not worth it.

--
Ry4an Brase 612-626-6575
University of Minnesota Supercomputing Institute
for Advanced Computational Research http://www.msi.umn.edu
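The trade-off discussed in this message, as an added example that is not part of the original e-mail or of any project's code: a share-link store with explicit creation and manual revocation, replayed against the access pattern described above (sender test, proxy pre-check, recipient download, resumed download). The `ShareLinks` class, its method names and the status codes are hypothetical, constructed for illustration.

```python
import secrets

class ShareLinks:
    """In-memory share-link store (hypothetical, constructed for illustration)."""

    def __init__(self):
        self._links = {}  # token -> {"dataset", "remaining", "revoked"}

    def create(self, dataset, max_uses=None):
        # The link exists only because the owner explicitly asked for it.
        # 256 bits from the OS CSPRNG make the token unguessable.
        token = secrets.token_urlsafe(32)
        self._links[token] = {"dataset": dataset,
                              "remaining": max_uses,  # None = no use limit
                              "revoked": False}
        return token

    def revoke(self, token):
        # Manual invalidation: the owner can kill the link at any time.
        if token in self._links:
            self._links[token]["revoked"] = True

    def fetch(self, token):
        """Return the HTTP status a request for this link would get."""
        link = self._links.get(token)
        if link is None or link["revoked"]:
            return 404  # unknown and revoked links look the same to a client
        if link["remaining"] is not None:
            if link["remaining"] <= 0:
                return 410  # use count exhausted
            link["remaining"] -= 1
        return 200

# Constructed access sequence for one shared link, in order of arrival.
ACCESSES = ["sender tests link", "proxy pre-check",
            "recipient GET", "resumed GET (Range)"]

def replay(store, token):
    """Statuses seen by each access in ACCESSES, in order."""
    return [store.fetch(token) for _ in ACCESSES]

if __name__ == "__main__":
    store = ShareLinks()
    for label, limit in (("valid 1 time", 1), ("revocable only", None)):
        token = store.create("dataset-42", max_uses=limit)
        for who, status in zip(ACCESSES, replay(store, token)):
            print(f"{label:15} {who:22} -> {status}")
```

With a use count of 1 the sender's own test consumes the link and the intended recipient never gets the file; the revocable link serves every access until the owner calls `revoke`.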