Apache::OneTimeURL - One-time use URLs for sensitive data
PerlModule Apache::OneTimeURL <Location /secret> PerlHandle Apache:OneTimeURL SetHandler perl-script PerlSetVar OneTimeDb /opt/secret/access.db PerlSetVar OneTimeDoc /opt/secret/realfile.html PerlSetVar OneTimeEmail firstname.lastname@example.org </Location>
#!/usr/bin/perl use Apache::OneTimeURL; my $comments = join " ", @ARGV; my $db = "/opt/secret/access.db"; print "http://www.my.server.int/secret/", Apache::OneTimeURL->authorize($db, $comments), "\n";
% authorize.pl Given to Simon C on IRC http://www.my.server.int/secret/2c61de78edd612cf79c0d73a3c7c94fb
This URL will only be viewable once, and will then return an error. For the first five times that the URL is accessed in error, a mail will be sent to the email address given in the config. The number of times can be configured with the
OneTimeMailCount variable; if you don't want any mail, set this to minus one.
The synopsis pretty much wraps it up. I'm paranoid about giving out certain information, and although I can't really control what people do with the HTML when they download it, I can damned well ensure that URLs in mail I send don't end up on the web and being a liability. Hence the desire for a URL that's only valid once. You may have your own interesting uses for such a set-up.
I've hopefully designed the module so that if there's some aspect of its behaviour you don't like, you can switch to the "method handler" style (ie.
PerlHandler Apache::OneTime::URL->handler and subclass to override the bits you're unhappy about. This may be easier than convincing me to make changes to the module.
Peter Sergeant offered several useful ideas which contributed to the 1.1 and 1.2. releases of this module.
Copyright 2003 Simon Cozens.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.