Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

I have a folder which contains a set of files which should only be accessed by permission. I would like to create an interface using perl so that a user can log in and see a list of the files, with links to download, but not to be able to find and go directly to the files, bypassing the security. In general terms, what is the best way of doing this please?

Replies are listed 'Best First'.
Re: script to access private folder
by QuillMeantTen (Friar) on Jan 21, 2016 at 09:40 UTC

    Update: spelling
    First if you need directions you are going to have to give us more informations:
    When you say log in, what kind of login do you mean,

    • Login with ssh?
    • Login on a web service?
    Those are the two kinds I can think of in your case, the approach will vary wildly depending on the kind of login.
    In the ssh case it could be as simple as displaying in the terminal a list of files and one time download links or just copy the selected files in the user's home folder...
    If you want a web service then you are going to need to set up a server that will give content to users, a database for the login to take place.
    If the files in question should not be modified by the users , catalyst as a plugin, Static::Simple iirc that can be used just for that. Type the url, the file name and voila it will start downloading
    A precise answer to a vague question requires mind reading, I have not upgraded my brain to that stage yet ;)

      Thanks for your reply. Sorry to hear that your brain is not properly equipped for my needs! (Actually, thanks for taking the time to answer my poorly phrased question in a sensible fashion!).

      I replied to jonadab as he rather hit the nail on the head regarding public accessibility of the files. I'd be grateful if you would take a look and let me know what you think about my idea as a workaround, and perhaps see if there is a better way of doing it?

Re: script to access private folder
by Corion (Patriarch) on Jan 21, 2016 at 12:08 UTC

    If you are talking about a web(dav) folder on a webserver, I've used TinyAuth with good effect as a minimalistic access control.

    My plan to leverage the idea of TinyAuth and to combine it with OAUTH 2 so that people can "log in with Facebook" (etc.) failed because one would have to register every instance of the TinyAuth application with Facebook and all the other suppliers one would want to support. I did not find a convenient way to automate registering an application with all those providers.

Re: script to access private folder
by jonadab (Parson) on Jan 21, 2016 at 12:04 UTC

    What would stop the user from bypassing the authentication by simply not using your Perl interface at all, accessing the files directly with some other software? I'm assuming you have something in mind for this, but I don't know what it is. Are the files encrypted? Owned by root and chmod ugo-rwx? Not stored at all except in process memory? Your Perl interface will need to take this stuff into account and might need to be completely different depending on the answer. One person who already replied is assuming that the data are on a remote server. That would lead to a completely different Perl interface than most of the other cases. We can't really advise you very well on how to do what you want without knowing more about what exactly it is that you want to do.

      Thanks, this is a great reply. I'm sorry the question was badly phrased and I'm grateful for the thoughtfulness of most of the responses.

      The files are on a remote server and this is for users of a web site. The files are industry specific and not of interest to most of society, but should be kept confidential. Therefore I think a level of obfuscation would be sufficient, rather than a need for high level out and out security.

      I have the login and file listing part of the service, and what I'm thinking about doing is creating a cron which periodically creates a new name for the folder, and records it in a db. The loading script uses that record to create the link, and there is a web page or ajax refresh of the links to keep them updated on the page.

      I think this would be quite efficient in terms of preventing the file links from being shared between interested parties, however I'm sure that there are probably more efficient processes I could use. I would be interested in knowing yours and other thoughts on this?

        have a look at Apache::OneTimeURL as this seems to fit your needs and is quite simpler than what you proposed, you will need an apache server but you wont need a database

Re: script to access private folder
by Anonymous Monk on Jan 21, 2016 at 08:50 UTC

    In general terms, what is the best way of doing this please?

    Just do it

      I suppose you work for Nike?

        I suppose you work for Nike?

        No, I work for you. In general terms the best way to do something is to always just do it. Now you know.