WebApp Sec mailing list archives
RE: Re: Securing PDF file on a Website
From: "Auri Rahimzadeh" <auri () auri net>
Date: Sat, 23 Jul 2005 08:58:23 -0500
Of course, combining the ACL approach (specific username(s) to address particular pages) and streaming the PDF document, as well as using SSL and user certificates (and other suggestions you are bound to read on this thread) works even better :) And if you don't want anyone to have online access (well, until it's scanned or posted online anyway), you could just print it out or put it on a CD and hand it to somebody (but don't send it in the mail, fedex, etc. as we've seen what happens there). Best, -Auri --- Geek Your Ride! http://www.GeekMyRide.net -----Original Message----- From: andres.desa () paladion net [mailto:andres.desa () paladion net] Sent: Saturday, July 23, 2005 6:02 AM To: webappsec () securityfocus com Subject: Re: Re: Securing PDF file on a Website Streaming a PDF file to the user`s browser will help in adding an authentication mechanism. A script file can be called to stream the PDF file. This script should authenticate the user based upon the credentials supplied. Also, this script can add cache-control headers, which will prevent the PDF file being stored in the local cache on the user's machine. A whitepaper discussing these issues is available at http://www.paladion.net/papers/Document_Security_in_Web_Applications.pdf Andres Desa Paladion Networks, Mumbai - India Application Security Magazine http://palisade.paladion.net
Current thread:
- Securing PDF file on a Website echow (Jul 23)
- Re: Securing PDF file on a Website Andrew van der Stock (Jul 23)
- Re: Securing PDF file on a Website Kurt Seifried (Jul 23)
- Re: Securing PDF file on a Website focus (Jul 23)
- Re: Securing PDF file on a Website Paul Laudanski (Jul 24)
- <Possible follow-ups>
- Re: Re: Securing PDF file on a Website andres . desa (Jul 23)
- Re: Re: Securing PDF file on a Website andres . desa (Jul 23)
- Re: Re: Securing PDF file on a Website andres . desa (Jul 23)
- RE: Re: Securing PDF file on a Website Auri Rahimzadeh (Jul 23)
- Re: Securing PDF file on a Website Andrew van der Stock (Jul 23)