[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Code check before downloading attachments?
- From: theod@xxxxxxxxxxxxxxx
- Subject: Code check before downloading attachments?
- Date: Thu, 14 Jul 2005 10:24:30 +0300
I lately seem to have plenty of several 'direct requests' to files (attachments)
hosted on our CDS server... Taking also into consideration that there IS an easy
pattern which could allow a certain 'individual' to 'download' all attachments
(especially if there is one attachment/record), I thought it would be nice to
have the option to put a 'code check' field just before downloading the file.
This feature is widely used in programs like phpnuke and seems to do the trick!
It doesn't have to be too complex, even a simple 4-digit (ascii-based) random
number that would have to be copied-pasted into a textfield in order to
download any of the available attachments would in a way discourage 'malicious
users' from massively leeching content...
If, on the other hand, you really want to spend all your summer vacation on
that, you could swap ascii-based numbers with little scanned images of numbers
(to make it even harder for scripts to figure the 'code') and put an option to
use this feature per collection allowing the administrator to choose the length
of the code himself... But then again, the simple ascii-based random number
approach would do the trick really nice... :)
What say you?
Best regards,
Theodoropoulos Theodoros
| 
