ubuntu-appstore-developers team mailing list archive

Thread
Date

Re: Changes to access control for click downloads

To: James Westby <james.westby@xxxxxxxxxxxxx>
From: "Alejandro J. Cura" <alejandro.cura@xxxxxxxxxxxxx>
Date: Mon, 5 Aug 2013 10:26:53 -0300
Cc: Ubuntu Appstore Developers <ubuntu-appstore-developers@xxxxxxxxxxxxxxxxxxx>
In-reply-to: <87pptxcdka.fsf@jameswestby.net>

On Thu, Aug 1, 2013 at 6:21 PM, James Westby <james.westby@xxxxxxxxxxxxx> wrote:
> Hi,
>
> We've just deployed a change to staging that alters the way that access
> control for downloads is done. Previously the request was just checked
> for valid credentials, but now SCA is also consulted to ensure that the
> user is able to download the file. This is to keep unpublished files
> secret, so that developers can launch when they are ready, and also one
> of the pre-requisites to being able to sell click packages.
>
> This shouldn't have much impact, but if you were testing with a file
> that has had its entry in the SCA db deleted, you will no longer be able
> to download it. Also, if the package isn't published, only the owner and
> the reviewers will be able to download it.
>
> It is still possible to oauth sign the request using either headers or a
> query string.

Signatures on the query string have stopped working for me, not sure
if it's related to this change.
I can provide a small python program that shows this issue.

cheers,
-- 
alecu

Follow ups

Re: Changes to access control for click downloads
From: James Westby, 2013-08-05

References

Changes to access control for click downloads
From: James Westby, 2013-08-01