file upload authorization

Igor Sysoev is at rambler-co.ru
Mon Dec 3 11:02:24 MSK 2007


On Mon, Dec 03, 2007 at 08:49:34AM +0100, Rapsey wrote:

> Yeah that's what I wanted to do initially. auth_basic + ajax that would
> authenticate and receive a username/password for upload (the username and
> password would be changed every few seconds). The problem is that you cant
> authenticate and upload at the same time with javascript. Asking a user to
> write in a password is out of the question.

No way, nginx does not communicate to backend until it will get whole body.

> On Dec 3, 2007 8:38 AM, Igor Sysoev <is at rambler-co.ru> wrote:
> 
> > On Mon, Dec 03, 2007 at 07:22:40AM +0100, Rapsey wrote:
> >
> > > I don't like the idea that anyone is able to upload a file to my server
> > (up
> > > to client_max_body_size), without authorizing himself. Maybe I'm
> > paranoid.
> > > I was just wondering if there is a way to do authorization first. I
> > can't
> > > find anything in the wiki but nginx configuration is full of clever ways
> > to
> > > do something that are not apparent.
> > >
> >
> > If you use basic authorization, then as it was suggested you may use
> >
> >   location /upload/ {
> >
> >       limit_expect  GET  {
> >           auth_basic    ...
> >           auth_basic_user_file
> >       }
> >
> > > On Dec 2, 2007 10:11 PM, Alex Egg <eggie5 at gmail.com> wrote:
> > >
> > > > isnt this  a higher  level question unrelated  to nginx? perhaps your
> > > > back end software ?
> > > >
> > > > On 12/2/07, Rapsey <rapsey at gmail.com> wrote:
> > > > > A fastcgi application receives an uploaded file only after it has
> > been
> > > > > uploaded, how do you then prevent just anyone (or anything) from
> > > > uploading a
> > > > > file?
> > > > >
> > > > >
> > > > > thank you,
> > > > > Sergej
> > > > >
> > > >
> > > >
> >
> > --
> > Igor Sysoev
> > http://sysoev.ru/en/
> >
> >

-- 
Igor Sysoev
http://sysoev.ru/en/





More information about the nginx mailing list