Board index   FAQ   Search  
Register  Login
Board index php forum :: PHP and MySQL Security PHP & MySQL Security

HELP! How can I limit Viewing PDF Files ?

Security issues related to php and mysql usage. How to make your code secure? Security measures and configurations? It's all in here!

Moderators: macek, egami, gesf

HELP! How can I limit Viewing PDF Files ?

Postby robinray » Mon Dec 26, 2005 10:58 pm

I have a dilemma I am trying to solve ....

How can I limit the viewing of PDF files to only an Authenticated User ?

I am developing a user system inwhich clients log in, move around in the environment and access pdf documents that are theirs. I am trying to protect PDF files so that they are only being viewed by an authenticated user. I don't want for the PDF file name to be known OR if it's known, for only the authenticated user to access it when they're logged in to the environment.

Anyone have any suggestions?

This user system is written in PHP utilizing the MYSQL db ...

Thanks in advance for any help you can give me !

robinray
robinray
New php-forum User
New php-forum User
 
Posts: 15
Joined: Fri Jul 18, 2003 4:37 pm

Postby Redcircle » Tue Dec 27, 2005 6:15 pm

2 ways ..

keep it in a password protected area.

or

keep the files beneath the world readable dir of your site and read in the file and output it to the browser with a mime type. (using header())
User avatar
Redcircle
Moderator
Moderator
 
Posts: 830
Joined: Tue Jan 21, 2003 10:42 pm
Location: Michigan USA

Postby ruturajv » Wed Dec 28, 2005 8:19 pm

Or you can use Apache's .htaccess
Code: Select all
<Files ~ ".*pdf">
AuthType Basic
AuthName "PDF files to restricted users"
AuthUserFile /usr/local/apache/passwd/passwords
Require valid-user
</Files>
Last edited by ruturajv on Thu Dec 29, 2005 8:25 pm, edited 1 time in total.
User avatar
ruturajv
php-forum Super User
php-forum Super User
 
Posts: 1280
Joined: Sat Mar 22, 2003 9:42 am
Location: Mumbai, India

Postby Alexej Kubarev » Thu Dec 29, 2005 1:43 am

A bit broader explanation of Redcircle's Solution 2

make a file called view_pdf.php
That file will check if a user is authenticated or not. If yes: check the id or something simmilar. That id is used to find what PDF file is to be shown
Then you can simply use header command and read_file to output pdf =)
User avatar
Alexej Kubarev
Site Admin
Site Admin
 
Posts: 2223
Joined: Fri Mar 05, 2004 7:15 am
Location: Täby, Stockholms län

Postby gesf » Thu Dec 29, 2005 4:09 pm

Nothing more too add... you all did good recommendations!
I got an example to post but... i can't :(
User avatar
gesf
Moderator
Moderator
 
Posts: 1718
Joined: Sun Dec 29, 2002 5:03 am
Location: Portugal / Sweden

Appreciate it !

Postby robinray » Thu Dec 29, 2005 6:47 pm

Say Everyone !

Thanks for all the GREAT help ! The problem is solved thanks to all of you --

Thanks again and I wish you all a Happy New Year !

robinray
robinray
New php-forum User
New php-forum User
 
Posts: 15
Joined: Fri Jul 18, 2003 4:37 pm


Return to PHP & MySQL Security

Who is online

Users browsing this forum: No registered users and 2 guests

Sponsored by Sitebuilder Web hosting and Traduzioni Italiano Rumeno and antispam for cPanel.