[dev] oscar and VFS direct stuff

Michael Rubinsky mike at theupstairsroom.com
Wed Sep 12 05:17:11 UTC 2007 

Been spending time with the Oscar code and started working on getting  
it to an actual VFS implementation. After some discussion on the list,  
I thought it was do-able, but it doesn't look like it's going to be  
very practical....let me explain:

To allow the use of an arbitrary VFS backend, we need a way of  
obtaining a URL to the flv file.  I implemented that similar to how  
Ansel does it - as Jan had helped me understand.  While it is possible  
to get a URL that will return the raw video data - it *totally*  
bypasses the plugin's ability to work with the mod_flv_streaming  
module (in lighttpd - not sure what it's called in apache) because we  
are no longer requesting a ".flv" extension according to the server  
(not to mention we are reading the entire video file into a string and  
*then* writing it out to the client)  This will also make it  
impossible to use (lighttpd's) mod_secdownload for preventing  
direct-linking etc...

Given all of that, I think we need to only allow a file-based storage  
outside of the webroot, and either aliased or accessed using something  
like mod_secdownload
(which does the aliasing for you).  We just need to make it a seperate  
config parameter inside oscar - not tied at all to the global VFS  
config like it is now.

Of course, aliasing the video directory and directly accessing the  
*.flv files means that anyone could view the videos regardless of any  
perms that are set through Horde if they can figure out the  
path...just like what happens in Ansel when using the vfs-direct  
'feature'.


Ah well...I'll get to reverting some of the VFS changes in the morning...

Thanks,
mike

--
The Horde Project (www.horde.org)
mrubinsk at horde.org

"Time just hates me. That's why it made me an adult." - Josh Joplin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: PGP Digital Signature
Url : http://lists.horde.org/archives/dev/attachments/20070912/220d0107/attachment.bin 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-keys
Size: 2013 bytes
Desc: PGP Public Key
Url : http://lists.horde.org/archives/dev/attachments/20070912/220d0107/attachment-0001.bin

More information about the dev mailing list