Labs/Joey/FileAuthentication

From MozillaWiki

From the j2me world, there are times when it is best to hand off the handling of a file to a third party application. In some cases, we can hand the 3rd party application the data that has been downloaded from the server. However, in most cases, we can only hand the application a URL referencing the data.

An example of this is video. On many phones, there is a media player application outside of j2me that has much better support for most codecs (that is, the media player does a much better job playing videos than j2me does).

This hand off is async and offers little control. Effectively, we hand the media player a URL to play and we are done.

Because of our authentication requirement, and because most media players on phones do not know how to deal with redirection, this process doesn't work.

What we need to do is download the media directly to the device, then use the FileConnector to save this media. However, the FileConnector also has questionable support -- that is, there may be many devices that have video support but do not have FileConnector support. Furthermore, additional signing is required to access File, whereas none is required to invoke the media player.

So, I propose an alternate but possibly less secure system for file authentication.

// draft.

We allow temporary access to files whose URL is salted (randomized).

The way it would work would be:

1) When the j2me client desires to hand off a url, it notifies the server of its intent.

2) The server records the file id of the request in a (new) table, along with a timestamp and a unique string.


| File ID | Unique_Filename | Timestamp |

3) The server returns a path to this file, including the unique string.

For example:

https://example.com/files/randomized/Unique_Filename

4) The appcontroller is changed to allow access to files/randomized if and only if there exists a tuple in the new table that matches the Unique_Filename and has a timestamp whose age is less than some predetermined threshold.

5) We add an admin task that purges all entries with expired timestamps.
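
Steps 2 to 5 above, as an added example that is not part of the original proposal, written in Python against an in-memory SQLite table. The table name, function names and the 300-second threshold are assumptions; the unique string is drawn from the OS CSPRNG because it is the only credential the media player presents.

```python
import secrets
import sqlite3
import time

TTL_SECONDS = 300  # assumed threshold; the proposal leaves the value open


def open_db():
    """Create the new table: | File ID | Unique_Filename | Timestamp |."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE randomized_files ("
        " file_id INTEGER NOT NULL,"
        " unique_filename TEXT PRIMARY KEY,"
        " created_at INTEGER NOT NULL)"
    )
    return db


def issue_url(db, file_id, now=None):
    """Steps 2-3. Assumes the caller already authenticated and may read file_id."""
    now = int(time.time()) if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits, unguessable and unique per hand-off
    db.execute("INSERT INTO randomized_files VALUES (?, ?, ?)", (file_id, token, now))
    return "https://example.com/files/randomized/" + token


def resolve(db, unique_filename, now=None):
    """Step 4: return the file id for a known, unexpired name, otherwise None."""
    now = int(time.time()) if now is None else now
    row = db.execute(
        "SELECT file_id FROM randomized_files"
        " WHERE unique_filename = ? AND ? - created_at < ?",
        (unique_filename, now, TTL_SECONDS),
    ).fetchone()
    return row[0] if row else None


def purge_expired(db, now=None):
    """Step 5: admin task that deletes expired rows; returns how many were removed."""
    now = int(time.time()) if now is None else now
    cur = db.execute(
        "DELETE FROM randomized_files WHERE ? - created_at >= ?", (now, TTL_SECONDS)
    )
    return cur.rowcount
```

Because `resolve` checks the age itself, an expired name is refused even if the purge task has not run yet.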