a secure machinebeta stuff..
corz distro machine v0.7b
new: secure area. I wanted this for my "friends" folder. it's neater, and a wee bit more secure than the old http authorisation methods, which apparently, some browsers aren't doing any more; seems like a smart idea.
We are using POST variables to send our password, which is held as a 32 byte md5, in a temporary session cookie. even the worst case browser scenario should only have the md5 flying around the wires. In other words, it's fairly secure. Essentially it's the same system that we use for the stats page, though they do remain separate.
users are presented with a simple (and quite cute) password dialog. once logged in they can access all your menu systems, files, source, whatever.
don't use a password-protected machine to deliver back-end menu services; it won't. (it's too easy to just chuck another one somewhere for this)
new: the name of the sections is now displayed in the menu itself. you can also now (optionally) have your custom text displayed inside the menu, too, which nicely fills that space on the right!
new: expanded list of downloadables. we now check for, and send mime-types, so mp3's, ogg's, spreadsheets, pdf's and such things can be delivered easily with the distromachine. I'll expand this list as I go along, no doubt. so far..
doc, xls, htm, html, jpg, png, pdf, txt, ogg, mp3,m3u, zip, rar, sit, sitx, tgz, gzip, bz2, arc, bzip, pict, mpg, mov, and others.
so if you use the machine to distribute, say, mp3's, this should cause whatever the user's operating system is set to do with these filetypes, i.e. open the mp3 player.
new: made a few more things customisable. stuff like the main titles. you can have a "foo viewer" menu now, or whatever.
I also improved the overall download handling, there should be less browser stalling, and associated weirdness. we DO send size headers now, too.
I dropped in the code for all this pretty quick, so it's into the beta zone for a while, until it's had some field testing, feedback on the new "secure area" features are especially welcomed.
I'm serious about the feedback. After testing the beta on a couple of servers I rashly replaced all the machines on corz.org with it, only to discover that the download function was spectacularly broken. there followed a short burst of swearing and text editing, taking us back to the release version, which is stable, and works.
the beta works great everywhere else I've tried, but I have a hunch that some gzip tweaks I did here at corz.org are screwing with it, I'll hopefully have a mess around with the .htaccess files soon and investigate.
Check out the new stuff at the beta download area. that's right! I'll be using the beta version for my beta download area, too, so if you can't download the latest beta, you know why!