== Mongrel_crypted_download GemPlugin IMPORTANT!! Required encrypted_strings plugin http://agilewebdevelopment.com/plugins/encrypted_strings The need to send secured files in a fast and reliable way is common. Sending a file from inside of a web application can be slow and also utilizes an entire application thread/process until the user is done downloading the file. Also is crypt path by encrypted_strings plugin http://agilewebdevelopment.com/plugins/encrypted_strings is a directory that does not exist in the directory structure of the application but does exist in the directory structure of the server. example: /download_file is the crypted by encrypted_strings plugin path to the file. example: /public/attachments/ is the name of file without path. is the number of seconds since epoch until the time when this download expires example (in ruby on rails): 1.minute.from_now.to_i.to_s is the SHA1 hash of the concatenation of the following items: To use the plugin you need to do the following: 1) setup the handler within a configuration script and pass in the secret string. example configuration script: uri "/download_file", :handler => plugin('/handlers/crypteddownload') 2) In your application, form a secured URI by creating the proper parameters and perform an SHA1 hash of the parameters to create the proper token example code (ruby on rails): @track = Track.find(params[:id]) @attachment = Attachment.find(params[:id]) url = CryptedDownload.generate(@attachment.filename, "/public"+@attachment.public_filename.gsub(/#{@attachment.filename}/, ''), "/download_files", request) redirect_to url 3) Start mongel by passing in the location of the configuration script from step 1 with the -S command line switch example: mongrel_rails start -S config/mongrel_crypted_download.conf Error messages If any of the parameters in the URI or the secret_string are missing the handler returns a 500 Application Error. If the token passed in as a parameter does not match the token generated by the handler (if someone tries to guess the token) the handler returns a 403 Forbidden error. If the timestamp is earlier than the current server time, meaning that the file is no longer a valid download then the handler returns a 408 Request Time-out Error. This error is not technically correct but it makes the most sense in the context of the handler.