[consulting] scaling sites with restricted downloads

Mathieu Petit-Clair mathieu at koumbit.org
Fri Mar 31 01:31:27 UTC 2006


Anton wrote:
> On 31/03/06, Laura Scott <laura at pingv.com> wrote:
> 
>> 1) We're about to build two different music community sites that are going
>> to need to start small but (obviously) be able to scale. Controlling access
>> to uploaded mp3s etc. will be key aspects of this install. To (hopefully)
>> reduce their server needs -- because, after all, they're musicians and thus
>> aren't exactly flush -- I'm considering using public fileserver settings,
>> and chmod-ing the folder to limit access to only via Drupal. Would that
>> work? Are there limitations to this approach?
> 
> Hi Laura, I don't think that will work. From the filesystems
> perspective it is Apache that is accessing it, not Drupal. It won't be
> able to tell the difference between a standard Apache request and a
> Drupal request - both are controlled with the Apache user account.
> 
> That is the situation in general, but there maybe a few tricky addons
> to Apache that can do suid type stuff for PHP requests. I haven't
> tried any though.
> 

Hi,

This seems right to me, but if your hosting provider let's you have 
folders that are outside what Apache can access, a (php) script from 
Drupal could be the only way to make the file publicly visible (and thus 
control access).  This could only be a matter of setting the right http 
headers and doing a fopen() and fpassthru() ... (someone has to test 
this out, though)

Hope it helps... (especially since this is my first post to this list :)

Mathieu


More information about the consulting mailing list