Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation
 
PerlMonks  

Re: Serving files without revealing their location

by salvadors (Pilgrim)
on Jan 29, 2001 at 02:01 UTC ( [id://54894]=note: print w/replies, xml ) Need Help??


in reply to Serving files without revealing their location

I want to place links in a web page to various documents (.ps, .pdf, .doc, .ppt, etc) without revealing the location of them on the server.

I'm not sure that your question really makes sense. If you're trying to hide their URL then you can't. By definition this information has to be made available so that your web browser can actually fetch them. Even if you could find some really neat trick to hide them from Netscape and IE etc, I could write my own "browser" (ObPerl: using LWP, of course!) that would be able to get at the file.

If you mean that you want to hide the actual location of them on the server, ie not show that they're in /www/docs/ or whatever, then your webserver should take care of that for you. No-one can easily know what your base directory is without reading your config file, and you can always remap different URLs to point to different physical locations anyway.

Tony

  • Comment on Re: Serving files without revealing their location

Replies are listed 'Best First'.
Re: Re: Serving files without revealing their location
by cburns (Novice) on Jan 29, 2001 at 02:11 UTC
    Let me clarify: Say the file is "www/docs/file.pdf" Couldn't I write a cgi that would recieve as a paramenter the file "id", obtain the filename from a db with the given id, then open a filehandle for that file, read its contents into a buffer, and print the buffer contents to the response? The user would only see "cgi-bin/get_file.cgi?id=xxx" in the url.
[reply]
      This is certainly possible, but I have to repeat others' questions: why?

      The solution to your problem (which, itself, is still unknown to us) is kind of odd. All resources on a web server are accessed with a URL. All you're doing is substituting one URL (that maps to a PDF filename of the document) with another (that maps to an ID representing the same PDF data). The fact that that seems kind of non-sensical makes me wonder if you're trying to solve a problem that you don't really have, or if the solution you think you want is going in completely the wrong direction. The solution you outline here is just adding another layer of complexity to the file delivery process, in the form of CGI, which will make things a bit less efficient. If you wanted to go this route, mapping an ID number to a database entry or physical document, I might consider using apache's mod_rewrite or write your own query handler to do the ID -> filename mapping. At least that way you won't be pumping all of this through a CGI script. This seems kind of odd.

      So I'm curious: what are you trying to accomplish by doing this?

[reply]
        The application is a project management tool.

        I want to be able to control a user's access to project documents. If a user no longer has an association with a project, I don't want them to be able to return to that document via it's url.

        If I serve the document with the cgi script, the user won't know the path to the document, only to the cgi that served it.
        I can control access to the cgi page through the login feature of the pm tool, but the projects documents are not webpages- I can't include the login code in them.

        I hope that seems a little more clear.

[reply]

      Yes. You could do that. But then that address would *be* the location of the file. Why would http://www.tmtm.com/cgi-bin/get_file.cgi?id=6 actually be any better than letting it be http://www.tmtm.com/docs/file.pdf?

      If you don't want people to be able to fetch the file more than once, then that's a slightly different question. In that case you could wrap code around the get_file command to not allow the use of the URL more than once, but that's going to be more tricky than a simple database lookup to map the ID to the location.

      Perhaps you could explain *why* you're trying to do this, and we might come up with a better solution.

      Tony

[reply]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://54894]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others sharing their wisdom with the Monastery: (3)
As of 2024-04-25 21:56 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found