updated the latest changes and fixed the typos and wording in the docs (Ryan Schmidt)

git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-merge-1.4.x@895 152afb58-edef-0310-8abb-c4023f1b3aa9
author: jan <jan@152afb58-edef-0310-8abb-c4023f1b3aa9> 2005-12-20 14:02:44 +0000
committer: jan <jan@152afb58-edef-0310-8abb-c4023f1b3aa9> 2005-12-20 14:02:44 +0000
commit: 343710944a9125c7c1bef42dd5bac98c25d79027 (patch)
tree: f786bce10c56b4a3857dd7ae0f140a7f625836b3 /doc/secdownload.txt
parent: 018908f04e56517198eb301abbd7bdc815152988 (diff)
download: lighttpd-343710944a9125c7c1bef42dd5bac98c25d79027.tar.gz
1 files changed, 43 insertions, 43 deletions
diff --git a/doc/secdownload.txt b/doc/secdownload.txt
index fb946eda..570b9112 100644
--- a/doc/secdownload.txt
+++ b/doc/secdownload.txt
@@ -11,12 +11,12 @@ Module: mod_secdownload
 :Revision: $Revision: 1.1 $
 
 :abstract:
-  authenticated file requests and a counter measurement against 
+  authenticated file requests and a countermeasure against
   deep-linking can be achieved easily by using mod_secdownload
-  
+
 .. meta::
   :keywords: lighttpd, secure, fast, downloads
-  
+
 .. contents:: Table of Contents
 
 Options
@@ -32,77 +32,77 @@ Options
 Description
 ===========
 
-there are multiple way to handle secured download mechanisms:
+there are multiple ways to handle secured download mechanisms:
 
-1. use the webserver and the internal HTTP-authentication 
-2. use the application to authenticate and send the file 
+1. use the webserver and the internal HTTP authentication
+2. use the application to authenticate and send the file
    through the application
-     
-Both way have limitations:
+
+Both ways have limitations:
 
 webserver:
 
-- ``+`` fast download 
-- ``+`` no additional system load 
-- ``-`` unflexible authentication handling
-  
+- ``+`` fast download
+- ``+`` no additional system load
+- ``-`` inflexible authentication handling
+
 application:
 
 - ``+`` integrated into the overall layout
 - ``+`` very flexible permission management
-- ``-`` the download occupies a application thread/process
-  
-A simple way to combine the two way could be:
+- ``-`` the download occupies an application thread/process
+
+A simple way to combine the two ways could be:
 
 1. app authenticates user and checks permissions to
    download the file.
-2. app redirectes user the file accessable by the webserver
-   for further downloading
-3. the webserver transfers the file to the user
+2. app redirects user to the file accessable by the webserver
+   for further downloading.
+3. the webserver transfers the file to the user.
 
 As the webserver doesn't know anything about the permissions
-used in the app the resulting URL would be available to every 
-user who knows the URL. 
- 
-mod_secdownload removes this problem by introducing a way to 
+used in the app, the resulting URL would be available to every
+user who knows the URL.
+
+mod_secdownload removes this problem by introducing a way to
 authenticate a URL for a specified time. The application has
 to generate a token and a timestamp which are checked by the
-webserver before it allows the file to be downloaded by the 
+webserver before it allows the file to be downloaded by the
 webserver.
 
 The generated URL has to have the format:
 
 <uri-prefix><token>/<timestamp-in-hex><rel-path>
 
-<token> is a MD5 of 
+<token> is an MD5 of
 
 1. a secret string (user supplied)
-2. <rel-path> (startes with /)
+2. <rel-path> (starts with /)
 3. <timestamp-in-hex>
 
 
-As you can see the token is not bound to the user at all. The 
-only limiting factor is the timestamp which is used to 
+As you can see, the token is not bound to the user at all. The
+only limiting factor is the timestamp which is used to
 invalidate the URL after a given timeout (secdownload.timeout).
 
 .. Note::
-  Be sure to choose a another secret then used in the examples 
-  as this is the only part of the token that is not known to 
-  the user.
-  
-  
-  
-If the user tries to fake the URL by choosing a random token
+  Be sure to choose a another secret than the one used in the
+  examples, as this is the only part of the token that is not
+  known to the user.
+
+
+
+If the user tries to fake the URL by choosing a random token,
 status 403 'Forbidden' will be sent out.
 
-If the timeout is reached status 408 'Request Timeout' will be
-sent (this not really standard conforming but should do the 
-trick).
+If the timeout is reached, status 408 'Request Timeout' will be
+sent. (This does not really conform to the standard, but should
+do the trick).
 
-If token and timeout are valid the <rel-path> is taken and 
-appended at the configured (secdownload.document-root) and 
-passed to the normal internal file transfer functionality.
-This might lead to status 200 or 404.
+If token and timeout are valid, the <rel-path> is appended to
+the configured (secdownload.document-root) and passed to the
+normal internal file transfer functionality. This might lead to
+status 200 or 404.
 
 Example
 =======
@@ -135,8 +135,8 @@ code for PHP should be easily adaptable to any other language: ::
 Webserver
 ---------
 
-The server has to configured in the same way. The uri-prefix and secret have
-to match: ::
+The server has to be configured in the same way. The URI prefix and
+secret have to match: ::
 
   server.modules = ( ..., "mod_secdownload", ... )
author	jan <jan@152afb58-edef-0310-8abb-c4023f1b3aa9>	2005-12-20 14:02:44 +0000
committer	jan <jan@152afb58-edef-0310-8abb-c4023f1b3aa9>	2005-12-20 14:02:44 +0000
commit	343710944a9125c7c1bef42dd5bac98c25d79027 (patch)
tree	f786bce10c56b4a3857dd7ae0f140a7f625836b3 /doc/secdownload.txt
parent	018908f04e56517198eb301abbd7bdc815152988 (diff)
download	lighttpd-343710944a9125c7c1bef42dd5bac98c25d79027.tar.gz