...

View Full Version : File download security?



Maize
04-28-2012, 12:20 AM
I'm assuming that providing a public link to a pdf file on our server, for example, example.com/files/etc/downloadme.pdf, isn't exactly secure. Am I right?

Is the best way to implement this is to pass in some parameters that the server will analyze, get the pdf file, and return a stream? I've been searching for some tutorials but can't seem to find any.

Thanks.

felgall
04-28-2012, 12:42 AM
If you want to limit access then put the pdfs above your public_html and access them via a script. You can add whatever validation in front of the following (which assumes that the name of the PDF file is in $pdf


ini_set('zlib.output_compression','Off');
header("Pragma: public");
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: must-revalidate");
header('Content-type: application/pdf');
header('Content-Disposition: attachment; filename="'.$pdf.'"');
header('Content-Length: ' . filesize("../$pdf"));
readfile("../$pdf");


replace attachment with inline if you want the PDF to display in the page instead of being downloaded outside the browser.

djm0219
04-28-2012, 02:09 AM
I'm assuming that providing a public link to a pdf file on our server, for example, example.com/files/etc/downloadme.pdf, isn't exactly secure. Am I right?

Not at all. What leads you to believe it might not be secure? You would not be storing it in the directory you used in your example but if it's for public consumption, putting in a directory your web server can "see" and providing a link to it is just fine.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum