The London Perl and Raku Workshop takes place on 26th Oct 2024. If your company depends on Perl, please consider sponsoring and/or attending.


Apache::OneTimeURL - One-time use URLs for sensitive data


    PerlModule Apache::OneTimeURL
    <Location /secret>
        PerlHandle Apache:OneTimeURL
        SetHandler perl-script
        PerlSetVar OneTimeDb  /opt/secret/access.db
        PerlSetVar OneTimeDoc /opt/secret/realfile.html
        PerlSetVar OneTimeEmail

    use Apache::OneTimeURL;
    my $comments = join " ", @ARGV;
    my $db = "/opt/secret/access.db";
    print "",
           Apache::OneTimeURL->authorize($db, $comments),


    % Given to Simon C on IRC

This URL will only be viewable once, and will then return an error. For the first five times that the URL is accessed in error, a mail will be sent to the email address given in the config. The number of times can be configured with the OneTimeMailCount variable; if you don't want any mail, set this to minus one.


The synopsis pretty much wraps it up. I'm paranoid about giving out certain information, and although I can't really control what people do with the HTML when they download it, I can damned well ensure that URLs in mail I send don't end up on the web and being a liability. Hence the desire for a URL that's only valid once. You may have your own interesting uses for such a set-up.

I've hopefully designed the module so that if there's some aspect of its behaviour you don't like, you can switch to the "method handler" style (ie. PerlHandler Apache::OneTime::URL->handler and subclass to override the bits you're unhappy about. This may be easier than convincing me to make changes to the module.


Peter Sergeant offered several useful ideas which contributed to the 1.1 and 1.2. releases of this module.



Simon Cozens,


Copyright 2003 Simon Cozens.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.