For the absolute best security you would need some communication from `server 2` to `server 1`, to double-check if the request is valid. Although this communication could be minimal, it's still communication and thus slows down the process. If you could live with a marginally less secure solution, I would suggest the following.

Server 1 requestfile.php:

```php
<?php
//check login
if (!$loggedon) { // $loggedon comes from the site's own login check (not shown here)
    die('You need to be logged on');
}

$dataKey = array();
$uniqueKey = 'fgsdjk%^347JH$#^%&5ghjksc'; //choose whatever you want.

//check file
$file = isset($_GET['file']) ? $_GET['file'] : '';
if (empty($file)) {
    die('Invalid request');
}

//add user data to create a reasonably unique fingerprint.
//It will most likely be the same for people in the same office with the same browser, that's mainly where the security drop comes from.
//I double check if all variables are set just to be sure. Most of these will never be missing.
if (isset($_SERVER['HTTP_USER_AGENT'])) {
    $dataKey[] = $_SERVER['HTTP_USER_AGENT'];
}
if (isset($_SERVER['REMOTE_ADDR'])) {
    $dataKey[] = $_SERVER['REMOTE_ADDR'];
}
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
    $dataKey[] = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
}
if (isset($_SERVER['HTTP_ACCEPT_ENCODING'])) {
    $dataKey[] = $_SERVER['HTTP_ACCEPT_ENCODING'];
}
if (isset($_SERVER['HTTP_ACCEPT'])) {
    $dataKey[] = $_SERVER['HTTP_ACCEPT'];
}

//also add the unique key
$dataKey[] = $uniqueKey;
//add the file
$dataKey[] = $file;
//add a timestamp. Since the requests will be at different times, don't use the exact second
//make sure it's added last
$dataKey[] = date('YmdHi');

//create a hash
$hash = md5(implode('-', $dataKey));

//send to server 2
header('Location: https://server2.com/download.php?file=' . urlencode($file) . '&key=' . $hash);
?>
```

On server 2 you will do almost the same.

```php
<?php
$valid = false;
$dataKey = array();
$uniqueKey = 'fgsdjk%^347JH$#^%&5ghjksc'; //same as on server one

//check file
$file = isset($_GET['file']) ? $_GET['file'] : '';
if (empty($file)) {
    die('Invalid request');
}

//check key
$key = isset($_GET['key']) ? $_GET['key'] : '';
if (empty($key)) {
    die('Invalid request');
}

//add user data to create a reasonably unique fingerprint.
if (isset($_SERVER['HTTP_USER_AGENT'])) {
    $dataKey[] = $_SERVER['HTTP_USER_AGENT'];
}
if (isset($_SERVER['REMOTE_ADDR'])) {
    $dataKey[] = $_SERVER['REMOTE_ADDR'];
}
if (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) {
    $dataKey[] = $_SERVER['HTTP_ACCEPT_LANGUAGE'];
}
if (isset($_SERVER['HTTP_ACCEPT_ENCODING'])) {
    $dataKey[] = $_SERVER['HTTP_ACCEPT_ENCODING'];
}
if (isset($_SERVER['HTTP_ACCEPT'])) {
    $dataKey[] = $_SERVER['HTTP_ACCEPT'];
}

//also add the unique key
$dataKey[] = $uniqueKey;
//add the file
$dataKey[] = $file;
//add a timestamp. Since the requests will be at different times, don't use the exact second
//keep the request time in a variable
$time = time();
$dataKey[] = date('YmdHi', $time);

//create a hash
$hash = md5(implode('-', $dataKey));

if ($hash == $key) {
    $valid = true;
} else {
    //perhaps the request to server one was made at 2013-06-26 14:59 and the request to server 2 comes in at 2013-06-26 15:00
    //It would still fail when the requests to server 1 and 2 are more than one minute apart, but I think that's an acceptable margin. You could always adjust for more margin though.

    //drop the current time
    $requesttime = array_pop($dataKey);
    //go back one minute
    $time -= 60;
    //add the time again
    $dataKey[] = date('YmdHi', $time);
    //create a hash
    $hash = md5(implode('-', $dataKey));
    if ($hash == $key) {
        $valid = true;
    }
}

if ($valid !== true) {
    die('Invalid request');
}

//all is ok. Put the code to download the file here
?>
```
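The same two-server ticket scheme, added here as an example that is not part of the answer above: the ticket is an HMAC over the fingerprint, file and minute instead of `md5()` of a `-`-joined string, the fields are JSON-encoded so they cannot run into each other, the comparison uses `hash_equals()` rather than `==`, and the accepted minutes are an explicit window. `WINDOW_MINUTES`, `$secret` and the sample request are assumptions constructed for the example.

```php
<?php
// Added example, not the original answer's code. Both servers run the same
// make_key(); server 1 redirects with the key, server 2 calls verify_key().
const WINDOW_MINUTES = 1; // accept the current minute plus this many earlier ones

function fingerprint(array $server): array {
    // Same request properties the answer uses; missing headers become ''.
    $parts = [];
    foreach (['HTTP_USER_AGENT', 'REMOTE_ADDR', 'HTTP_ACCEPT_LANGUAGE',
              'HTTP_ACCEPT_ENCODING', 'HTTP_ACCEPT'] as $name) {
        $parts[] = $server[$name] ?? '';
    }
    return $parts;
}

function make_key(string $secret, array $server, string $file, int $time): string {
    // json_encode separates fields unambiguously; with implode('-') the pairs
    // ("a-b","c") and ("a","b-c") would produce the same input string.
    // gmdate() keeps both servers on the same clock regardless of their timezone.
    $msg = json_encode([fingerprint($server), $file, gmdate('YmdHi', $time)]);
    return hash_hmac('sha256', $msg, $secret);
}

function verify_key(string $secret, array $server, string $file, string $key, int $now): bool {
    for ($back = 0; $back <= WINDOW_MINUTES; $back++) {
        $expected = make_key($secret, $server, $file, $now - 60 * $back);
        if (hash_equals($expected, $key)) { // constant-time, no type juggling
            return true;
        }
    }
    return false;
}

// Constructed sample request, standing in for $_SERVER on both servers.
$server = ['HTTP_USER_AGENT' => 'ExampleBrowser/1.0', 'REMOTE_ADDR' => '203.0.113.7',
           'HTTP_ACCEPT_LANGUAGE' => 'en', 'HTTP_ACCEPT_ENCODING' => 'gzip',
           'HTTP_ACCEPT' => '*/*'];
$secret = 'REPLACE_WITH_LONG_RANDOM_SECRET'; // placeholder; identical on both servers
$issued = 1372258740;                        // constructed: 2013-06-26 14:59:00 UTC
$key = make_key($secret, $server, 'report.pdf', $issued);

$cases = ['same minute' => ['report.pdf', $issued + 30],
          'next minute' => ['report.pdf', $issued + 90],
          'two minutes later' => ['report.pdf', $issued + 150],
          'other file, same minute' => ['other.pdf', $issued + 30]];
foreach ($cases as $label => [$file, $now]) {
    printf("%-24s %s\n", $label, verify_key($secret, $server, $file, $key, $now) ? 'accepted' : 'rejected');
}
```

Within the accepted window the key is still a bearer token for anyone whose fingerprint matches, so the window should stay as short as the redirect allows; the HMAC only stops keys from being forged or moved to another file.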