: How to include content from remote server while keeping that content secure I am hosting collection of videos, for which I retain the copyright, on a file server that I'd like to share with
I am hosting collection of videos, for which I retain the copyright, on a file server that I'd like to share with family and friends. When a user visits my file server via a web browser they are asked to authenticate using HTTP auth and then they are presented with a basic list of the files.
I'd like to build web application that provides a clean interface with simply library functionality. However, this app will be hosted on a different server.
I'm trying to figure out a security model for my file server that doesn't require the user to login to both the file server and the hosting server. I want to make this as easy as possible for my non-tech savvy family while still maintaining security for my files.
More posts by @Pope3001725
5 Comments
Sorted by latest first Latest Oldest Best
Setup facebook connect on a WordPress site your family should know how to connect using facebook you simply click a button and accept the authentication. Pretty simple.
Here is a quick and dirty solution which trusts your users not to share the authentication for the back-end server.
I would never recommend this for a professional project, but it may be the sledgehammer you are lookingfor. It's possible to write urls with a username and password in to them. So from your web-app, with a trusted user logged in, you would write something like this:
<video src="ftp://username:password@remote.example.com/some/file/path.jpg" .. >
IE no longer supports this. Not sure about other browsers. So your users would have to comply.
Obviously anyone who inspects the source of your webapp can find the username & password in the clear. This is of course bad. All in all a dirty hack. But there it is for what it's worth.
I suppose the back-end server is dumb or I'd suggest an hmac shared-secret authentication token.
I agree with @jeffatrackaid about:
"if you build a web application with a user login/pass function, you have handled the user authentication part."
The rest should be done as follows:
A. create the service that pulls the data from the remote server and supplies the streaming content.
B. on the remote server - restrict the access (by IP) so that only requests from your other server - will be served. All other http requests should be ignored.
I don't quite have enough information to know exactly how you plan to setup your application, but a useful guideline is to split user-authentication from application-authentication.
For example, if you build a web application with a user login/pass function, you have handled the user authentication part. The only way someone can view that part of your web application is to authenticate.
Now say this app needs to fetch data elsewhere (pretty common with today's APIs). Your application then has to handle the authentication to the other resource.
The other route is to leave the web application open and have the authentication happen on the application side.
If this is all too much for your goals, consider a hosted solutions using password protected videos:
misternorris.com/2011/02/how-to-vimeo-and-password-protect/
Sounds like making it easy for them is complicating it for you :-) Your question is quite generic so it's hard to be specific but it is possible though a variety of methods.
This link may get you going : blog.neutrino.es/2010/auth-external-the-swiss-army-knife-of-apache-auth/
Also checkout the various authentication modules at Apache : httpd.apache.org/docs/2.4/mod/
To get more help you need to be more specific.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.