
Restricting Download Access with CGI::Session

by beretboy (Chaplain)
on Sep 01, 2007 at 13:13 UTC

beretboy has asked for the wisdom of the Perl Monks concerning the following question:

I'm working on a fairly large web app with CGI::Application and its CGI::Session plugin. All authentication is done through the latter, and I'd like to selectively grant access to file downloads on the basis of my database-driven CGI::Session authentication scheme. What's the best way to do this?

My best idea at the moment is to have the CGI script read the files and return them after checking session authentication and permissions from the DB. For instance:


would return the file foo.mp3 with the appropriate mime type and everything. These are hour-long mp3s though, and it seems as though this scheme might be problematic.

Replies are listed 'Best First'.
Re: Restricting Download Access with CGI::Session
by scorpio17 (Canon) on Sep 01, 2007 at 15:28 UTC

    You might consider using CGI::Application::Plugin::Stream. This will help you stream the files.

    Also, if you use CGI::Application::Plugin::Authorization and CGI::Application::Plugin::Authentication, you can easily control access to the files.

    For example, you can have multiple groups, each with different levels of access. This would let you have free downloads, downloads for "basic" customers, and different downloads for "premium" customers. Your database will need a table pairing up user id with access level. If someone tries to illegally access a file that they don't have access to, they'll get a "forbidden" error, etc.

Re: Restricting Download Access with CGI::Session
by f00li5h (Chaplain) on Sep 01, 2007 at 13:46 UTC

    You'd want to check the session for a valid user, then binmode STDOUT, send the headers with the correct content-type, and print the contents of the file to STDOUT.

    You'll perhaps want to send a 403 or something of the sort for folks without valid sessions too.

    @_=qw; ask f00li5h to appear and remain for a moment of pretend better than a lifetime;;s;;@_[map hex,split'',B204316D8C2A4516DE];;y/05/os/&print;
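The approach described in the reply above, written out as a standalone CGI script. This is an added example, not code posted by anyone in the thread, and it is a plain CGI script rather than a CGI::Application run mode. The download directory, the `file` query parameter, the `user_id` session key, the `$DSN` value and the `%ACL` table (a stand-in for the database permission lookup) are all assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use CGI::Session;

# Assumptions (not from the thread): files live outside the web root, the
# login code stores 'user_id' in the session, and %ACL is a constructed
# stand-in for the database table pairing users with permitted files.
my $DOWNLOAD_DIR = '/srv/protected-downloads';
my $DSN          = undef;    # set to the DSN the application passes to CGI::Session
my %MIME         = (mp3 => 'audio/mpeg', pdf => 'application/pdf');
my %ACL          = (42 => { 'foo.mp3' => 1 });

sub user_may_download {
    my ($user_id, $file) = @_;
    return $ACL{$user_id}{$file} ? 1 : 0;
}

sub deny {
    my ($q, $status) = @_;
    print $q->header(-status => $status, -type => 'text/plain'), "$status\n";
    exit;
}

my $q = CGI->new;
# load() only resumes an existing session; unlike new() it never creates one.
my $session = CGI::Session->load($DSN, $q) or deny($q, '500 Internal Server Error');
deny($q, '403 Forbidden') if $session->is_expired or $session->is_empty;
my $user_id = $session->param('user_id') or deny($q, '403 Forbidden');

# Accept only a bare file name with a known extension: no slashes, no leading
# dot, so the request cannot reach outside $DOWNLOAD_DIR.
my $file = $q->param('file') // '';
my ($ext) = $file =~ /\A[A-Za-z0-9_][A-Za-z0-9_.-]*\.([A-Za-z0-9]+)\z/;
my $type = defined $ext ? $MIME{lc $ext} : undef;
deny($q, '400 Bad Request') unless $type;
deny($q, '403 Forbidden')   unless user_may_download($user_id, $file);

open my $fh, '<:raw', "$DOWNLOAD_DIR/$file" or deny($q, '404 Not Found');
my $size = -s $fh;
binmode STDOUT;
print $q->header(-type => $type, -Content_Length => $size,
                 -attachment => $file);
# Copy in 64 KiB chunks so an hour-long MP3 is never held in memory at once.
my $buf;
print $buf while read($fh, $buf, 65536);
close $fh;
```

The permission check runs before the file is opened, so a user without access gets the same 403 whether or not the file exists.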
