Subject: Re: URL hiding (file download script) using Lisp
From: rpw3@rpw3.org (Rob Warnock)
Date: Thu, 02 Nov 2006 21:06:43 -0600
Newsgroups: comp.lang.lisp
Message-ID: <CPSdnUK7hMfeL9fYnZ2dnUVZ_qOdnZ2d@speakeasy.net>
Trastabuga <lispercat@gmail.com> wrote:
+---------------
| Victor Kryukov wrote:
| > I'm not sure what do you mean by virtual link.
...
| > 1. Generate some large unique string (e.g. md5sum of user account,
| >    image, date and time of the request and purchase order number), say
| >    2ff1364f6de3cb8ab468081a656d7fe0
...
| > 3. Write url-hanler function for urls of type
| >    http://yoursite/download?id=XXX, which would check if XXX is in
| >    database, feed the associated image to the requestor and then
...
| This is exactly what I am looking for. I don't know the exact term for
| that kind of URL.
+---------------

I call them "obfuscated URLs", and I use them (manually) all the time
for sending information to friends or (sometimes) business associates.
It's far easier than setting up a separate user name & password for
each occasion, and if all you're using is HTTP "Authentication Basic",
it's just as safe. Just be sure that in addition to whatever deterministic
information you hash in [such as Victor listed -- image, date and time,
etc.] that you also hash in at least, oh, 64 bits[1] of nonce [randomness,
different for *each* instance of a download, even if the content is
exactly the same -- /dev/urandom is often a good source, on a busy
server], and use all 128 bits of your MD5 hash. That helps avoid
replay attacks.


-Rob

[1] Normally I would say to use 128 bits of nonce, which would be
    safe from a birthday attack up to about 2^64 tries, but in this
    case you're going to invalidate the URL long before an attacker
    could make even 2^32 attempts, so a 64-bit nonce is probably fine.

-----
Rob Warnock			<rpw3@rpw3.org>
627 26th Avenue			<URL:http://rpw3.org/>
San Mateo, CA 94403		(650)572-2607