Comment 6 for bug 457377

root (n-root-psiphon-ca) wrote :

* The goal is to hide every static resource that can be scanned/fingerprinted by an unauthenticated client.
    * All pages, scripts, CSS, images, JavaScript resources require authentication. Give standard-looking 404 when unauth.
    * Generate a unique 128-bit (hex digit) prefix for each proxy and store in database. This prefix must be known/provided to access gateways into authentication.
    * When generating links (invites, guest browsing), this prefix is used in place of 001.
    * Auth page gateway: Apache configured to check path for prefix.
    * Other exclusions: create_account (invite/CAPTCHA), guest browsing. Modify invite to *require* valid invite code param or 404; ensure guest browsing 404 on invalid token; CAPTCHA mode -- require proxy prefix as input param or else 404?
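
The gateway rule proposed in the comment above, sketched as an added example (not part of the original comment and not Psiphon's own code). The function names and the constructed sample paths are hypothetical, and the check is written in Python for illustration rather than as the Apache configuration the comment mentions.

```python
import hmac
import secrets

PREFIX_HEX_LEN = 32  # 128 bits written as hex digits


def new_proxy_prefix() -> str:
    """Generate the per-proxy prefix that would be stored in the database."""
    return secrets.token_hex(PREFIX_HEX_LEN // 2)


def path_has_prefix(path: str, stored_prefix: str) -> bool:
    """True only if the first path segment equals this proxy's prefix."""
    first_segment = path.lstrip("/").split("/", 1)[0]
    # Constant-time compare so response timing does not reveal how many
    # leading characters of a guessed prefix were correct.
    return hmac.compare_digest(first_segment.encode(), stored_prefix.encode())


def gateway_status(path: str, authenticated: bool, stored_prefix: str) -> int:
    """HTTP status for a request under the 'everything is 404 unless known' rule."""
    if authenticated:
        return 200  # established session: pages, scripts, CSS, images are served
    if path_has_prefix(path, stored_prefix):
        return 200  # correct prefix: the authentication gateway is shown
    return 404      # anything else is indistinguishable from a missing page


def demo() -> list:
    """Run the rule over constructed sample requests and return the statuses."""
    prefix = new_proxy_prefix()
    requests = [
        ("/static/logo.png", False),    # static resource, no session
        ("/001/login", False),          # old fixed path segment, no session
        ("/" + prefix + "/login", False),  # link generated with the prefix
        ("/static/logo.png", True),     # same static resource after login
    ]
    return [gateway_status(path, auth, prefix) for path, auth in requests]


if __name__ == "__main__":
    print(demo())
```
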