Make downloading Bags more secure #17
Comments
|
Some constraints:
|
|
Token download? We had something like this in our Document Delivery department where the patron would get emailed a token and could use it to download the item once (maybe twice) and there was also a deadline. So once the token was used up or the deadline passed it was removed. |
|
I am currently trying to containerize the Islandora bagger and I was thinking if we bind mount the Drupal private directory in the bagger container it could save the bags in a specific directory and a Drupal module could be responsible of downloading and cleaning up that directory. I will update my finding later today but please let me know if this is not a good approach. Thanks again for all the work on this module. |
|
@nikathone sounds good to me. https://github.com/mjordan/islandora_bagger_integration already exists so it could manage access to the bags in the private directory. Whatever it does should not be required but configurable by the site admin. I am happy to work building this into that module if you want. However I have one question - are use of the private file system and the public filesystem mutually exclusive or can we do what you are describing and still allow for use of the public filesystem at the same time? |
Drupal allows user to set and use both directories in the |
|
Right now for testing purposes I am setting the drupal private path under For production server configured with the playbook the private files will be set on the host and both Drupal and container should have access to it. |
#15 introduced a feature that allows Bags to be downloaded. However, anyone who knows the URL to the directory where the Bags are exposed for downloading has access to all Bags, which is obviously very insecure.
We need a way of allowing Bags to be downloaded that provides more robust security.
The text was updated successfully, but these errors were encountered: