Securing PDF files

Forum Moderators: LifeinAsia

Message Too Old, No Replies

Securing PDF files

aspdaddy

10:31 pm on Jul 10, 2009 (gmt 0)

I want to push pdf invoices into a b2b site so that logged on users can download thier own invoice history. The site uses SSL & forms authentication - not windows integrated or basic.

Any ideas what components are out there to properly secure the files within iis ensuring direct url access isnt possible.

rocknbil

5:28 pm on Jul 11, 2009 (gmt 0)

- Store the files in a non-public accessible location, but one that can be read by scripts

- write a script that authenticates (logs in) the user; on authentication of the user, the script OPENS the file and prints it to the browser. This is not the same as a simple URL or redirect; open the file and print.

- Make the script check for some sort of expire mechanism - one view, or a time based expire, for example.

Additionally you can password the PDF and supply the pass to the user, but this is not air tight and has been known to be "hackable" for the truly determined.

aspdaddy

9:21 am on Jul 12, 2009 (gmt 0)

the script OPENS the file and prints it to the browser

Any idea what the code would look like for this? (Any language)

I'm guessing the script is called using target=_blank so the main page doesnt change but the PDF opens in a new window? Does the new window set the Response type for PDF?

rocknbil

2:23 pm on Jul 12, 2009 (gmt 0)

I don't know that you'd need to open a blank window, but you could.

Something like (perl-ish syntax):

if ($validated) {
# print content-type header
print "content-type:application/pdf\n\n";
open (FILE, "/path-to-nonpublic/location/file.pdf");
while (FILE) { print $_; }
close(FILE);
}