NAME

Apache::OneTimeURL - One-time use URLs for sensitive data

SYNOPSIS

PerlModule Apache::OneTimeURL
<Location /secret>
    PerlHandle Apache:OneTimeURL
    SetHandler perl-script
    PerlSetVar OneTimeDb  /opt/secret/access.db
    PerlSetVar OneTimeDoc /opt/secret/realfile.html
    PerlSetVar OneTimeEmail intruder@simon-cozens.org
</Location>

authorize.pl: #!/usr/bin/perl use Apache::OneTimeURL; my $comments = join " ", @ARGV; my $db = "/opt/secret/access.db"; print "http://www.my.server.int/secret/", Apache::OneTimeURL->authorize($db, $comments), "\n";

Now:

% authorize.pl Given to Simon C on IRC
http://www.my.server.int/secret/2c61de78edd612cf79c0d73a3c7c94fb

This URL will only be viewable once, and will then return an error. For the first five times that the URL is accessed in error, a mail will be sent to the email address given in the config. The number of times can be configured with the OneTimeMailCount variable; if you don't want any mail, set this to minus one.

DESCRIPTION

The synopsis pretty much wraps it up. I'm paranoid about giving out certain information, and although I can't really control what people do with the HTML when they download it, I can damned well ensure that URLs in mail I send don't end up on the web and being a liability. Hence the desire for a URL that's only valid once. You may have your own interesting uses for such a set-up.

I've hopefully designed the module so that if there's some aspect of its behaviour you don't like, you can switch to the "method handler" style (ie. PerlHandler Apache::OneTime::URL->handler and subclass to override the bits you're unhappy about. This may be easier than convincing me to make changes to the module.

AUTHOR

Simon Cozens, simon@kasei.com

Copyright Simon Cozens, and released under the same terms as Perl itself.