Securing PDF files

   
10:31 pm on Jul 10, 2009 (gmt 0)




I want to push PDF invoices into a B2B site so that logged-on users can download their own invoice history. The site uses SSL & forms authentication - not Windows integrated or basic.

Any ideas what components are out there to properly secure the files within IIS, ensuring direct URL access isn't possible?

5:28 pm on Jul 11, 2009 (gmt 0)

rocknbil



- Store the files in a location that is not publicly accessible, but one that can be read by scripts.

- Write a script that authenticates (logs in) the user; on authentication of the user, the script OPENS the file and prints it to the browser. This is not the same as a simple URL or redirect; open the file and print.

- Make the script check for some sort of expire mechanism - one view, or a time-based expire, for example.

Additionally you can password the PDF and supply the pass to the user, but this is not airtight and has been known to be "hackable" for the truly determined.

9:21 am on Jul 12, 2009 (gmt 0)




the script OPENS the file and prints it to the browser

Any idea what the code would look like for this? (Any language)

I'm guessing the script is called using target=_blank so the main page doesn't change but the PDF opens in a new window? Does the new window set the Response type for PDF?

2:23 pm on Jul 12, 2009 (gmt 0)

rocknbil



I don't know that you'd need to open a blank window, but you could.

Something like (perl-ish syntax):

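if ($validated) {
    # Print the content-type header, followed by a blank line to end the headers
    print "Content-Type: application/pdf\n\n";
    # Open the PDF from the non-public location in raw (binary) mode
    open(my $fh, '<:raw', "/path-to-nonpublic/location/file.pdf")
        or die "Cannot open file: $!";
    binmode(STDOUT);
    # Read the file and print it to the browser
    while (<$fh>) { print $_; }
    close($fh);
}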
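The approach outlined in this thread (non-public storage, an authenticated script that opens and prints the file, and a time-based expiry), as an added Python example that is not code from any poster in the thread. The names `sign`, `serve_invoice`, `make_demo_store`, the per-user folder layout and the signed-link scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import tempfile
import time

SECRET = b"constructed-demo-key"  # assumption: a real key comes from server config


def sign(user, name, expires):
    """HMAC over user, file name and expiry, so a link is bound to one user and file."""
    msg = f"{user}\n{name}\n{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def serve_invoice(store, session_user, name, expires, sig, now=None):
    """Return (status, headers, body); store is a directory outside the web root."""
    now = time.time() if now is None else now
    if session_user is None:  # not logged in via the site's own authentication
        return 401, {}, b""
    if not hmac.compare_digest(sig.encode(), sign(session_user, name, expires).encode()):
        return 403, {}, b""
    if now > expires:  # time-based expiry of the download link
        return 410, {}, b""
    # Resolve inside the user's own folder and reject anything that escapes it
    base = os.path.realpath(os.path.join(store, session_user))
    path = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, path]) != base or not os.path.isfile(path):
        return 404, {}, b""
    with open(path, "rb") as fh:
        body = fh.read()
    headers = {
        "Content-Type": "application/pdf",
        "Content-Disposition": f'attachment; filename="{os.path.basename(path)}"',
        "Cache-Control": "private, no-store",
    }
    return 200, headers, body


def make_demo_store():
    """Constructed sample data: two users with one invoice each."""
    store = tempfile.mkdtemp()
    for user in ("alice", "bob"):
        os.makedirs(os.path.join(store, user))
        with open(os.path.join(store, user, "inv-001.pdf"), "wb") as fh:
            fh.write(b"%PDF-1.4 " + user.encode())
    return store
```

The signature ties each link to the logged-in user, so a URL copied from one account is rejected for another, and the path check keeps a request from reaching files outside that user's folder.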