[Catalyst] File downloads - Plugin?

Matt S Trout dbix-class at trout.me.uk
Thu Aug 18 19:59:45 CEST 2005


On Thu, Aug 18, 2005 at 01:45:37PM -0400, Andy Grundman wrote:
> >>Hmm, so upon the request I dump the blob to a temporary disk file, then do
> >>a redirect? yeah, that could work.. Is there any danger of the user being
> >>able to manually specify a different filename and accessing the other
> >>users' data?
> >
> >
> >No no no, static returns DECLINED which makes apache try the file *for the
> >same request*. No redirect required, so no danger - every request still
> >goes through Catalyst; that way it can return DECLINED to apache if they're
> >allowed to see the file, or send an error page from your Catalyst app as
> >normal.
> >
> 
> I'm not sure this will work, though.  Static::Simple short-circuits the 
> dispatch phase when it finds a valid static file (by checking if the 
> request path is a valid file on the filesystem with an extension).  Once 
> this comes back as true, it sends the static file right away.  There 
> isn't really a chance to put any kind of security logic in place.  Maybe 
> this would be better done with the original Static plugin, where you can 
> put that logic in your Static controller.

Assuming Static can be modified to also send DECLINED (should this maybe be
the same codebase, and static controller vs. automatic operation two modes?)
then yes, that makes more sense. I'd misunderstood how soon Static::Simple
interrupted the processing, sorry.

-- 
     Matt S Trout           Website: http://www.shadowcatsystems.co.uk
  Technical Director        E-mail:  mst (at) shadowcatsystems.co.uk
Shadowcat Systems Ltd.

 + Help us build a better perl ORM: http://dbix-class.shadowcatsystems.co.uk/ +
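
The ordering problem discussed in this message, as an added example that is not part of the original post and is not Catalyst or Static::Simple code: a small Python model comparing a static handler that sends any existing file with an extension before dispatch against one that runs an ownership check first and only then hands the file over (DECLINED). The per-user `files/<user>/` layout, the function names and the status constants are assumptions made for illustration.

```python
import os
import tempfile

SENT, DECLINED, FORBIDDEN, NOT_FOUND = "SENT", "DECLINED", 403, 404

def make_docroot():
    """Constructed sample data: one private file per user under a temp docroot."""
    root = tempfile.mkdtemp()
    for user in ("alice", "bob"):
        os.makedirs(os.path.join(root, "files", user))
        with open(os.path.join(root, "files", user, "report.csv"), "w") as fh:
            fh.write(f"private data of {user}\n")
    return root

def resolve(root, url_path):
    """Map a request path to a file inside root; None if it escapes root or is missing."""
    real_root = os.path.realpath(root)
    full = os.path.realpath(os.path.join(real_root, url_path.lstrip("/")))
    if os.path.commonpath([real_root, full]) != real_root or not os.path.isfile(full):
        return None
    return full

def short_circuit_static(root, user, url_path):
    """Automatic mode as described in the thread: an existing file with an
    extension is sent before dispatch, so `user` is never consulted."""
    full = resolve(root, url_path)
    if full and os.path.splitext(full)[1]:
        return SENT
    return NOT_FOUND

def checked_static(root, user, url_path):
    """Controller mode: decide first, hand the file over only if allowed."""
    full = resolve(root, url_path)
    if full is None:
        return NOT_FOUND
    owner_dir = os.path.join(os.path.realpath(root), "files", user)
    if os.path.commonpath([owner_dir, full]) != owner_dir:
        return FORBIDDEN   # application error page instead of the file
    return DECLINED        # web server serves the file for this same request

if __name__ == "__main__":
    root = make_docroot()
    for handler in (short_circuit_static, checked_static):
        print(handler.__name__, handler(root, "bob", "/files/alice/report.csv"))
```
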


