WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Re: Securing PDF file on a Website

From: "Auri Rahimzadeh" <auri () auri net>
Date: Sat, 23 Jul 2005 08:58:23 -0500
Of course, combining the ACL approach (specific username(s) to address
particular pages) and streaming the PDF document, as well as using SSL and
user certificates (and other suggestions you are bound to read on this
thread) works even better :) 

And if you don't want anyone to have online access (well, until it's scanned
or posted online anyway), you could just print it out or put it on a CD and
hand it to somebody (but don't send it in the mail, fedex, etc. as we've
seen what happens there).

Best,

-Auri

---
Geek Your Ride! http://www.GeekMyRide.net

-----Original Message-----
From: andres.desa () paladion net [mailto:andres.desa () paladion net] 
Sent: Saturday, July 23, 2005 6:02 AM
To: webappsec () securityfocus com
Subject: Re: Re: Securing PDF file on a Website

Streaming a PDF file to the user`s browser will help in adding an
authentication mechanism. 

A script file can be called to stream the PDF file. This script should
authenticate the user based upon the credentials supplied. Also, this script
can add cache-control headers, which will prevent the PDF file being stored
in the local cache on the user's machine.

A whitepaper discussing these issues is available at
http://www.paladion.net/papers/Document_Security_in_Web_Applications.pdf


Andres Desa
Paladion Networks,
Mumbai - India

Application Security Magazine
http://palisade.paladion.net
Previous By Date Next
Previous By Thread Next

Current thread: