WebApp Sec mailing list archives
Re: Securing PDF file on a Website
From: focus () karsites net
Date: Sat, 23 Jul 2005 17:07:06 +0100 (BST)
If you just want to limit access on a once-per-user basis, by their email address, you could try the following.

Generate a unique session ID for that particular user, when they request access to the pdf file, on your website. Save that session ID in a database table for user authentication. Email a link to the user, with the session ID in the URL.

When the user clicks on the URL you emailed to them, for access to the particular file, check the session ID in the URL with the session ID in the authorisation database. If the session ID exists in the database, allow access to the file.

Keep some other columns in the table for admin purposes. E.g. some sort of time limits, or access limits. When the user has accessed the file, delete the record with the session ID from the database. If the user tries to access the file, after a certain time constraint, or number of accesses has been reached, then they will be prohibited from accessing it.

Or, just generate a unique password for accessing the pdf file, and email that to all users. Change the password as often as required, e.g. weekly, fortnightly. Store the generated password in a database for login authorisation. Check the password supplied by the user, with the stored password in the database, to see if they are matching. If they do, allow access to the file.

HTH - Keith Roberts

http://www.karsites.net/
SPDTool - an idea for a structured open source development CASE tool. Find out more at the above link!

On Sat, 23 Jul 2005 echow () videotron ca wrote:
To: webappsec () securityfocus com
From: echow () videotron ca
Subject: Securing PDF file on a Website

To all:

Is there a way that I can add access to a pdf file to a website in a secure way? What I was thinking was to require user name and password to access this very confidential file. I was also thinking about requiring the use of tokens and/or certificates.

The user group for this application is pretty low tech so my challenge is to come up with something that is secure but really straightforward to use.

Any thoughts on how I would implement this would be most appreciated.

Regards,
Edmond
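
The emailed one-time link procedure from the reply above, as an added example that is not part of the original post. The table name `pdf_grant`, the function names, the 24-hour limit and the single-use limit are assumptions, and storing a SHA-256 digest of the session ID instead of the ID itself is an extra hardening choice not in the reply.

```python
import hashlib
import secrets
import sqlite3
import time

TTL_SECONDS = 24 * 3600  # assumed time limit for the emailed link
MAX_USES = 1             # assumed access limit (once per user)

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS pdf_grant ("
               "token_hash TEXT PRIMARY KEY, email TEXT NOT NULL, "
               "expires_at REAL NOT NULL, uses_left INTEGER NOT NULL)")
    return db

def digest(token):
    # Only the digest is stored, so a leaked table does not yield usable links.
    return hashlib.sha256(token.encode()).hexdigest()

def issue_link(db, email, base_url, now=None):
    """Create a grant for `email` and return the URL to send by email."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    db.execute("INSERT INTO pdf_grant VALUES (?, ?, ?, ?)",
               (digest(token), email, now + TTL_SECONDS, MAX_USES))
    db.commit()
    return f"{base_url}?sid={token}"

def redeem(db, token, now=None):
    """Return the grantee's email if the link is valid, else None."""
    now = time.time() if now is None else now
    h = digest(token)
    with db:  # one transaction: commit on success, roll back on error
        # Atomic check-and-decrement: two simultaneous clicks cannot both pass.
        cur = db.execute(
            "UPDATE pdf_grant SET uses_left = uses_left - 1 "
            "WHERE token_hash = ? AND expires_at > ? AND uses_left > 0",
            (h, now))
        if cur.rowcount != 1:
            # Unknown, expired or used up: purge an expired record if present.
            db.execute("DELETE FROM pdf_grant "
                       "WHERE token_hash = ? AND expires_at <= ?", (h, now))
            return None
        email = db.execute("SELECT email FROM pdf_grant WHERE token_hash = ?",
                           (h,)).fetchone()[0]
        # Delete the record once the access limit has been reached.
        db.execute("DELETE FROM pdf_grant "
                   "WHERE token_hash = ? AND uses_left <= 0", (h,))
    return email
```

The web handler would call `redeem()` with the `sid` query parameter and stream the PDF only when it returns an email address, with the file itself kept outside the web root.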