homepage Welcome to WebmasterWorld Guest from 54.197.130.16
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / WebmasterWorld / Professional Webmaster Business Issues
Forum Library, Charter, Moderators: LifeinAsia & httpwebwitch

Professional Webmaster Business Issues Forum

    
Securing PDF files
aspdaddy




msg:3950395
 10:31 pm on Jul 10, 2009 (gmt 0)

I want to push pdf invoices into a b2b site so that logged on users can download thier own invoice history. The site uses SSL & forms authentication - not windows integrated or basic.

Any ideas what components are out there to properly secure the files within iis ensuring direct url access isnt possible.

 

rocknbil




msg:3950692
 5:28 pm on Jul 11, 2009 (gmt 0)

- Store the files in a non-public accessible location, but one that can be read by scripts

- write a script that authenticates (logs in) the user; on authentication of the user, the script OPENS the file and prints it to the browser. This is not the same as a simple URL or redirect; open the file and print.

- Make the script check for some sort of expire mechanism - one view, or a time based expire, for example.

Additionally you can password the PDF and supply the pass to the user, but this is not air tight and has been known to be "hackable" for the truly determined.

aspdaddy




msg:3950878
 9:21 am on Jul 12, 2009 (gmt 0)

the script OPENS the file and prints it to the browser

Any idea what the code would look like for this? (Any language)

I'm guessing the script is called using target=_blank so the main page doesnt change but the PDF opens in a new window? Does the new window set the Response type for PDF?

rocknbil




msg:3950974
 2:23 pm on Jul 12, 2009 (gmt 0)

I don't know that you'd need to open a blank window, but you could.

Something like (perl-ish syntax):

if ($validated) {
# print content-type header
print "content-type:application/pdf\n\n";
open (FILE, "/path-to-nonpublic/location/file.pdf");
while (FILE) { print $_; }
close(FILE);
}

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Professional Webmaster Business Issues
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved