  1. #1

    File download security?

    I'm assuming that providing a public link to a pdf file on our server, for example, example.com/files/etc/downloadme.pdf, isn't exactly secure. Am I right?

    Is the best way to implement this to pass in some parameters that the server will analyze, get the pdf file, and return a stream? I've been searching for some tutorials but can't seem to find any.

    Thanks.

  • #2
    Master Coder felgall
    If you want to limit access then put the pdfs above your public_html and access them via a script. You can add whatever validation in front of the following (which assumes that the name of the PDF file is in $pdf):

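    Code:
    // Turn off zlib compression so the Content-Length sent below matches the bytes actually sent
    ini_set('zlib.output_compression','Off');
    // Caching headers: an already-expired date plus must-revalidate
    header("Pragma: public");
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
    header("Cache-Control: must-revalidate");
    // $pdf is expected to have passed the validation placed in front of this code
    header('Content-type: application/pdf');
    header('Content-Disposition: attachment; filename="'.$pdf.'"');
    // "../" is the parent directory, i.e. above public_html when the script sits in public_html
    header('Content-Length: ' . filesize("../$pdf"));
    readfile("../$pdf");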

    Replace attachment with inline if you want the PDF to display in the page instead of being downloaded outside the browser.
    Stephen
    Learn Modern JavaScript - http://javascriptexample.net/
    Helping others to solve their computer problem at http://www.felgall.com/

    Don't forget to start your JavaScript code with "use strict"; which makes it easier to find errors in your code.
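
An added example, not part of the thread or of felgall's code: one way to write the validation that post #2 leaves open before streaming a PDF stored above public_html. The `file` query parameter, the `protected_pdfs` directory, the `resolve_pdf()` helper and the `user_id` session key are all assumptions, and any logged-in user is assumed to be allowed every file.

```php
<?php
declare(strict_types=1);

// Assumed layout: this script sits in public_html, the PDFs one level above it.
const PDF_DIR = __DIR__ . '/../protected_pdfs';

/** Map a client-supplied name to a real path inside $baseDir, or null. */
function resolve_pdf(string $name, string $baseDir): ?string
{
    // Allow-list: a plain file name ending in .pdf, no slashes, no leading dot.
    if (!preg_match('/\A[A-Za-z0-9_-][A-Za-z0-9._-]{0,99}\.pdf\z/', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    $path = realpath($baseDir . '/' . $name);
    // realpath() resolves ".." and symlinks; the result must stay under $base.
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0
        || !is_file($path)) {
        return null;
    }
    return $path;
}

session_start();
if (empty($_SESSION['user_id'])) {       // assumed to be set by a login page
    http_response_code(403);
    exit('Forbidden');
}

$requested = $_GET['file'] ?? '';
$path = is_string($requested) ? resolve_pdf($requested, PDF_DIR) : null;
if ($path === null) {
    http_response_code(404);             // same answer for invalid and missing names
    exit('Not found');
}

ini_set('zlib.output_compression', 'Off');
header('Content-Type: application/pdf');
// basename() of an allow-listed name cannot contain quotes or line breaks.
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . filesize($path));
header('Cache-Control: private, must-revalidate');
header('X-Content-Type-Options: nosniff');
readfile($path);
exit;
```

Without a check of this kind, a value such as `../config.php` in `$pdf` would make the `readfile("../$pdf")` pattern serve files outside the intended directory.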

  • #3
    Senior Coder djm0219
    Quote: Originally posted by Maize
    I'm assuming that providing a public link to a pdf file on our server, for example, example.com/files/etc/downloadme.pdf, isn't exactly secure. Am I right?
    Not at all. What leads you to believe it might not be secure? You would not be storing it in the directory you used in your example, but if it's for public consumption, putting it in a directory your web server can "see" and providing a link to it is just fine.
    Dave .... HostMonster for all of your hosting needs

