file upload authorization
Rapsey
rapsey at gmail.com
Mon Dec 3 10:49:34 MSK 2007
Yeah that's what I wanted to do initially. auth_basic + ajax that would
authenticate and receive a username/password for upload (the username and
password would be changed every few seconds). The problem is that you cant
authenticate and upload at the same time with javascript. Asking a user to
write in a password is out of the question.
On Dec 3, 2007 8:38 AM, Igor Sysoev <is at rambler-co.ru> wrote:
> On Mon, Dec 03, 2007 at 07:22:40AM +0100, Rapsey wrote:
>
> > I don't like the idea that anyone is able to upload a file to my server
> (up
> > to client_max_body_size), without authorizing himself. Maybe I'm
> paranoid.
> > I was just wondering if there is a way to do authorization first. I
> can't
> > find anything in the wiki but nginx configuration is full of clever ways
> to
> > do something that are not apparent.
> >
>
> If you use basic authorization, then as it was suggested you may use
>
> location /upload/ {
>
> limit_expect GET {
> auth_basic ...
> auth_basic_user_file
> }
>
> > On Dec 2, 2007 10:11 PM, Alex Egg <eggie5 at gmail.com> wrote:
> >
> > > isnt this a higher level question unrelated to nginx? perhaps your
> > > back end software ?
> > >
> > > On 12/2/07, Rapsey <rapsey at gmail.com> wrote:
> > > > A fastcgi application receives an uploaded file only after it has
> been
> > > > uploaded, how do you then prevent just anyone (or anything) from
> > > uploading a
> > > > file?
> > > >
> > > >
> > > > thank you,
> > > > Sergej
> > > >
> > >
> > >
>
> --
> Igor Sysoev
> http://sysoev.ru/en/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20071203/b130b618/attachment.html>
More information about the nginx
mailing list