design - Can a URL really be considered to be the only key for an HTTP response? -

-

The question can be seen as both practical and theoretical.

I have a HTTP client (Flash Player application) and an HTTP server "backend" registered users with each personal image library can be uploaded and retrieved later.

Since users are certified with cookies carrying session identifiers, it became obvious to me (and therefore the question) that I can provide the following types of URLs to prove one note customer ( "assets") in my vocabulary to obtain image assets Aidentifairs are also unique to the user, ie, of the ID 555 in both Do not have assets. In addition, an asset identifier is actually considered permanently, i.e. ID is non-reusable, the URL I was thinking is: 

  http: // myserver / User / asset / & lt; Asset_id & gt;

The bracket variable denotes the value, that is, obviously and 'asset_id' is not to be taken literally here, they reflect the actual property identifier. In order to "request" the above URL, the user is expected to carry a cookie header with the session identifier, which specifically authenticates and authorizes the user as the owner of the requested asset.

I have a permanent URL (Tim Berners-Lee once said, "Cool URIs do not change"), but obviously, because asset resources are user's personalities who are uploads / owners, they Also not cached by the intermediate proxy, only user agent

Do we have a good way to assume the identity of the user properties to the above URL? My concern is that the response is a valid session identifier cookie header or not, and therefore no one-on-one relationship between a URL and response. But no one can do this, is not it? Server is authorized to receive a check that re-asset sender, is not it? If you have any better ideas for any solution, then I am also eager to hear it. Thank you.

You've said it all, I Bdlunga nothing about your strategy: -) If an unauthorized If the user tries to reach some assets, then give it only 403 HTP code ... that is the correct and expected response in that situation


Comments

Post a Comment

Popular posts from this blog

oracle - The fastest way to check if some records in a database table? -

-
I have a big table to work with. I have to see that there are some records whose parent_id is equal to my passing value. Currently I do this by implementing "my_table using select count (*) where parent_id =: id"; If the result> 0, it means that they exist. Because this is a very large table, and I do not care what the actual number of records present, I just want to know if it exists, so I think count (*) Bit is disabled. How do I apply this requirement most quickly? I'm using Oracle 10. # Tips for Hibernation & amp; Tricks It suggests writing in such a way: Integer number = (integer) session .createQuery ("Select Count (*) to ...."). UniqueResult (); I do not know what is the magic of the unique rule? Why does it fast? To compare, select "1 from mytable where parent_id = passId and rowrum", which is more efficient? If you are not interested in the number of records, then there is an EXISTS query one: Select 'y'
Read more

php - multilevel menu with multilevel array -

-
Just ask someone to solve this problem? I want to create a multilevel menu I can not find the right solution generated with multilevel array, it always gets an array_push error My study came from the original idea But still my Can not match the need. This is my MySQL [code] ----- --------------------- --------------- | ID | PARENT_ID | Name | Link | Seq | 1 | 0 | Dashboad | Dashboard / | 1 | 2 | 0 | Menu 1 | Menu 1 / | 2 | 3 | 0 | Menu 2 | Menu 2 / | 3 | 4 | 0 | Menu 3 | Menu 3 / | 4 | 5 | 2 | Joint Add / | 1 | 6 | 3 | Joint Add / | 1 | 7 | 2 | Edit | Edit / | 2 | 8 | 4 | Joint Add / | 1 ------------------------------------------ [/ Code] I want to do something like this in my array array ('dashboard' = & gt; array ('id' = & gt; '' 'Dame' = & gt; 'Dashboard', 'Title' = & gt; 'Dashboard', 'MatchMin' = & gt; Base_URL (). 'Dashboard /', 'Active' => = & Gt; NULL), &
Read more

jQuery UI: Datepicker month format -

-
I am trying to change the format of the month that shows in the popup (not in the date that the picker actually I do not have any choice anywhere to do this, do I like to use a sub-string () or something else? What I normally display is Trying to change: Class = "ui-datepicker-title"> January & lt; / span & gt; ... & lt; / div & gt; Div>
Read more