I'm after some Proof of Concept Code, written using php & mySQL and also potentially asp.net and MS-SQL (please speciy if you have both php/mysql and [url removed, login to view] or just php/mysql experience).
This is for a secure download service, where users login, choose a file and then download the file - however the file will come from a different server closer to them basically like a CDN system. So effectively there are three parts:
- Our Servers (PHP/mySQL)
- Client Web-Browser
- Server with end content (seperate location to the php/mysql - i.e. opposite sides of the country so we can't share access to the database/sessions etc) and may actually run on seperate virtual servers etc (PHP/mySQL and [url removed, login to view] versions)
1) User goes to our website. Session is created - basic log details (username/password) and and a list of files are displayed.
2) User clicks on a file. It will then cause the browser to download the file from another server (each file in this version within the database lists the server it's on
3) Browser downloads File
However, we need it to be secure. We don't want other users to simply type in a URL to access the resources so we need some sort of security. I'm thinking, when the user requests the file the url for the redirect could have a transaction_id appended to it - and therefore when the file delivery server receives the request it will take the transaction_id, talk to our web-server via web services - REST?, say I've got this transaction_id for this file_id does this exist? If OK, the system will then delete the transaction_id from our database, allow the user to download it and then it's done.
Content/File Delivery Server:
- Has it's own database. This will list each file_id and then have a location for the file (such as file_id=1, location=D:\FileStore\1\[url removed, login to view]"