- Other Computing Topics (243)
- Other Topics (360)
WriteURL restricts access to documents based on secret URLS. I have asked WriteURL to add timeouts and possibly IP control to their product. Here is how it could be done.
To the secret URL one attaches an expiry time and date, and an optional limitation on permissible IP address. One passes all of this to the client, who passes it to the writeURL server which restricts access accordingly. Simple. How does one prevent the client from changing the data? You add an encrypted hash tag. You hash the permission string with a secret key, and attach the hash to the URL. If the client changes the timeout, the hash will no longer verify and access is denied. You still get the simplicity benefits of the read and write urls, but you also get additional security, with very little increase in software complexity.