Forum OpenACS Development: Re: caching files

2: Re: caching files (response to 1)
Posted by Dave Bauer on
I don't understand this design at all.

This statement particularly is a problem:
"This is to make sure people have a hard time tricking the permission checking." Impossible to trick permission checking is better.

Basically anything that needs permission checking per user cannot be cached.

Caching at a proxy server and private applications don't work together.

It works great for publicly accessible content.

3: Re: caching files (response to 2)
Posted by Malte Sussdorff on
Well, your sentence is not entirely correct. You can cache the files if you make sure you can access them only from the OpenACS page that does the permission checking.

https://blog.kovyrin.net/2006/11/01/nginx-x-accel-redirect-php-rails/

The above link gives a good explanation of how this can be achieved with NGINX. My initial sentence came from the fact that you could hack the referrer URL if you knew how the OpenACS system is set up. Also take a look at X-Sendfile:

https://blog.lighttpd.net/articles/2006/07/02/x-sendfile

The goal of my question is not about authentication; that is covered (see above). My goal is to have the content repository objects be served as full URLs, so without form values like ?object_id=1234
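
The NGINX X-Accel-Redirect arrangement discussed in this thread, shown as an added configuration example that is not part of the original posts or of OpenACS. The hostname, backend address, cache directory and the /protected-cr/ and /files/ URL prefixes are assumptions chosen for illustration.

```nginx
# Constructed example: hostname, paths and backend address are assumptions.

# Weak variant (left commented out): the cached files are publicly reachable
# and only the Referer header is checked. The client controls that header,
# so this is not a permission check.
# location /cr-cache/ {
#     valid_referers example.org;
#     if ($invalid_referer) { return 403; }
#     alias /var/cache/openacs/cr/;
# }

server {
    listen 80;
    server_name example.org;

    # Every request, including clean file URLs such as /files/report.pdf
    # (no ?object_id=1234), goes to the OpenACS backend, which performs the
    # per-user permission check.
    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header Host $host;
    }

    # Corrected variant: "internal" makes this location unreachable by
    # client requests (nginx answers them with 404). It is entered only when
    # the backend replies with a header such as
    #   X-Accel-Redirect: /protected-cr/12/34/report.pdf
    # after its permission check has passed; nginx then sends the file itself.
    location /protected-cr/ {
        internal;
        alias /var/cache/openacs/cr/;
    }
}
```

Requesting a /protected-cr/ URL directly from a browser should return 404, which is a quick check that the files are reachable only through the page that does the permission checking.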