Securing MogileFS
Justin Azoff
JAzoff at uamail.albany.edu
Thu Aug 25 08:33:52 PDT 2005
On Thu, 2005-08-25 at 08:31 -0700, Brad Fitzpatrick wrote:
> I'm working on an access control plugin for Perlbal (mogstored), but you
> don't have to use Perlbal for your mogstoreds... you can just run Apache
> and mod_dav. Or you can use mogstored for PUT/DELETEing the files, and
> run Apache in parallel for GETting the files.
>
> I really don't recommend that, though, since it's trivial for end-users to
> then enumerate all the files if they have direct access to Apache.
if lighttpd were used for GET's, you could use their secure download
feature:
http://www.lighttpd.net/documentation/secdownload.html
--
-- Justin Azoff
-- Network Performance Analyst
More information about the mogilefs
mailing list