Welcome to the MacNN Forums.

If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below.

You are here: MacNN Forums > Enthusiast Zone > Networking > How to setup an anonymous http download

How to setup an anonymous http download
Thread Tools
Professional Poster
Join Date: Jan 2000
Location: Columbus, OH
Status: Offline
Reply With Quote
Oct 11, 2011, 09:58 AM
I've got an iPad app ready for the iTunes App Store.

I need to set up a mechanism for my app to download a small XML file (<100kb) via using NSURLConnection. The address will be something like "http://www.mywebsite.com/somedirectory/XMLFile.xml".

I'm not sure if I can setup another site like "http://downloaddata.mywebside.com" instead of the "www" but this would be better I think.

The connection from my app should be anonymous save for an embedded code in the http request. That is, the app should not have to 'log in' but the code in the request will serve to prevent just anybody from accessing the file.

Can anybody help me? At least point me to a resource?

Join Date: Jun 2000
Location: California
Status: Offline
Reply With Quote
Oct 11, 2011, 01:41 PM
You could set a referrer value and check it on the Apache end, like you're suggesting. But there's a simpler solution. Set Apache to not list directories. You can do this a few ways, such as in httpd.conf, or .htaccess files within the directory path to your XML files. Or even drop an empty index.html file "hello world" into each folder along the way.

Then put your XML file within one or several directories with long random filenames. That way no one can see the directory path, and the long random name(s) prevent guessing.

Someone could use a network packet sniffer to see what URL your app is requesting. But they could do the same with a referrer. This will keep most people out, except seriously curious geeks. If you *have* to lock people out (ie banking usage) then you need a login solution with extra security steps, like time-changing logins.
( Last edited by reader50; Oct 11, 2011 at 01:48 PM. )
msuper69  (op)
Professional Poster
Join Date: Jan 2000
Location: Columbus, OH
Status: Offline
Reply With Quote
Oct 11, 2011, 04:09 PM
Thanks reader50. I'll try what you described. I've no experience configuring Apache (I'm not even sure what the web hoster uses) but I'll fuddle through it.

If someone really wants to get at the file really bad, then they probably can but there's no value in it without the app.

Time for some head scratching while I go learn how to configure Apache, et. al.
Clinically Insane
Join Date: Mar 2001
Location: yes
Status: Offline
Reply With Quote
Oct 11, 2011, 04:29 PM
You can also disguise the hosting of this file by changing Apache's default port to something other than 80. I think there is a problem with relying on referral and user agent headers in some browsers not supporting these properly, so I'd echo reader50's suggestion and just host this file in a stealthy manner. A subdomain for hosting this file would be fine.
Cold Warrior
Join Date: Jan 2001
Location: Polwaristan
Status: Offline
Reply With Quote
Oct 11, 2011, 05:31 PM
Open a dropbox account, post the file to the public folder and hit the link from your iPad. Only you will have that link, it doesn't get indexed or published.
Thread Tools
Forum Links
Forum Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Privacy Policy
All times are GMT -4. The time now is 01:35 PM.
All contents of these forums © 1995-2017 MacNN. All rights reserved.
Branding + Design: www.gesamtbild.com
vBulletin v.3.8.8 © 2000-2017, Jelsoft Enterprises Ltd.,