Yeah that's what I wanted to do initially. auth_basic + ajax that would authenticate and receive a username/password for upload (the username and password would be changed every few seconds). The problem is that you cant authenticate and upload at the same time with javascript. Asking a user to write in a password is out of the question.
<div><br><br><div class="gmail_quote">On Dec 3, 2007 8:38 AM, Igor Sysoev <<a href="mailto:is@rambler-co.ru">is@rambler-co.ru</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div class="Ih2E3d">On Mon, Dec 03, 2007 at 07:22:40AM +0100, Rapsey wrote:<br><br>> I don't like the idea that anyone is able to upload a file to my server (up<br>> to client_max_body_size), without authorizing himself. Maybe I'm paranoid.
<br>> I was just wondering if there is a way to do authorization first. I can't<br>> find anything in the wiki but nginx configuration is full of clever ways to<br>> do something that are not apparent.<br>>
<br><br></div>If you use basic authorization, then as it was suggested you may use<br><br> location /upload/ {<br><br> limit_expect GET {<br> auth_basic ...<br> auth_basic_user_file<br><div>
<div></div><div class="Wj3C7c"> }<br><br>> On Dec 2, 2007 10:11 PM, Alex Egg <<a href="mailto:eggie5@gmail.com">eggie5@gmail.com</a>> wrote:<br>><br>> > isnt this a higher level question unrelated to nginx? perhaps your
<br>> > back end software ?<br>> ><br>> > On 12/2/07, Rapsey <<a href="mailto:rapsey@gmail.com">rapsey@gmail.com</a>> wrote:<br>> > > A fastcgi application receives an uploaded file only after it has been
<br>> > > uploaded, how do you then prevent just anyone (or anything) from<br>> > uploading a<br>> > > file?<br>> > ><br>> > ><br>> > > thank you,<br>> > > Sergej
<br>> > ><br>> ><br>> ><br><br></div></div><font color="#888888">--<br>Igor Sysoev<br><a href="http://sysoev.ru/en/" target="_blank">http://sysoev.ru/en/</a><br><br></font></blockquote></div><br></div>