|
|
|
|
|
|
by jcapote
5971 days ago
|
|
|
This is notoriously hard problem to solve if you still want a traditional web server serving out static assets (which is the fastest way to do so). The only way I've seen to serve static content in an authenticated fashion is to serve it out of the application itself using the appropriate headers. I'm curious how others have solved this though... |
|
|
http://kovyrin.net/2006/11/01/nginx-x-accel-redirect-php-rai...
The nginx team added another feature that's even more efficient for this recently (doesn't require a dynamic piece of code execution for each hit) - a module that creates "secure links" for protecting static resources:
http://wiki.nginx.org/NginxHttpSecureLinkModule
(I think this feature would be a lot more useful if you could create links that expire after a certain amount of time).
Amazon S3 has a similar feature, which they call "query string authentication": http://docs.amazonwebservices.com/AmazonS3/latest/dev/index.... - again, you can generate a link to a static resource which is signed with your secret key and will only work for a specific amount of time. Last I saw, that's how Basecamp deals with download links for private files.