Access key module

Manlio Perillo manlio_perillo at libero.it
Sun Dec 30 18:41:37 MSK 2007 

Cliff Wells ha scritto:
> On Sat, 2007-12-29 at 22:19 -0500, Evan Miller wrote:
>> In October, Mykola Grechukh announced his new ngx_http_accesskey_module 
>> to the Russian listserver.[1] The module lets you give access keys to 
>> specific IP addresses, which is useful for restricting downloads to 
>> certain clients. I packaged his patch into a stand-alone module and 
>> translated the documentation. You can find installation instructions and 
>> usage notes on the wiki:
>>
>> http://wiki.codemongers.com/NginxHttpAccessKeyModule
>>
>> This is now the 10th third-party, open-source module that I know of. Cool!
> 
> And this makes me wonder if we want to implement some sort of "clearing
> house" for 3rd party modules.   Specifically, I think the following
> would be useful:
> 
> 1) A secure, centralized place (RCS system or even just tarballs) to
> download from (wiki is too open: even links to outside source code make
> me nervous since they could be altered by a malicious editor to lead to
> poisoned source code).
> 

Each developer should sign his module source distribution with PGP.

Moreover, each developer should have his key signed by a "master key" 
(Igor?) so that nginx core can verify the external module during 
configuration.

But none of the open source projects I know with support to external 
modules do such a thing... (signing and verification is done at 
"Distribution" level, like Debian).

Adding a RCS system can be too hard to handle, altough a distribuited 
revision system can help (and some of them permits to sign each revision).

> 2) Issue tracking.  Might be handy for module authors to not have to
> maintain their own Trac (or whatever) instance.
> 

Yes, this can be very helpful.
But it is always possible to use Google Code or some other projects hosting.

> 3) Perhaps adding some feature to the Nginx build process that allowed
> 3rd party modules to be easily downloaded and installed (from site
> listed in item 1) via configure/make flags (or is this just wishful
> thinking?).
> 

I don't think this is a priority.
It would help, however, if nginx is more "friendly" with external modules.

Actually the configure script command line is fixed; I would like, as an 
example, to add an hook to the configure script so that for mod_wsgi it 
is be possible to specify the Python interpreter path to use via 
--with-python option.

> Anyway, ideas welcome.  I'm happy to setup and maintain whatever is
> decided upon.
> 
> Regards,
> Cliff
> 


Thanks  Manlio Perillo

More information about the nginx mailing list