BlackHatPlus.com A forum about BlackHat and Beyond

Programming Tutorials

How to prevent non-members from accessing a PDF URL?

by Randolph » 2015-12-25 16:05

I have a client who is very big on protection. They have a number of PDF documents that only logged in Member to view and download.
However, non-members can go to PDF simply by typing in the address bar. Is there a way to stop access to this? Thank you for your advice.
Randolph
 
Posts: 65
Joined: 2012-05-13 3:58

by Christopher » 2015-12-26 3:16

You can put a link to download the PDF file and the actual behind the public face of the directory as an easy fix.
Christopher
 
Posts: 75
Joined: 2012-04-05 4:01

by Alexander » 2015-12-26 18:35

Fix more complicated is to have middle level you take PDF from folders secure and authenticated session demanding applies before returning it. But it depends on how complex Your code base.

Which, by the way, is the Foundation of the MVC design pattern.
Alexander
 
Posts: 76
Joined: 2011-02-20 5:25

by Cameron » 2015-12-27 11:10

If you put outside the directory (in your vhost configuration) then the browser cilent does not have access to the same period. If you give to the apache user rights to that directory, the server can recover them (as say, through open service, low level php file) rather than direct linking. In PHP then add authentication to protect reaching recovery code.
Cameron
 
Posts: 61
Joined: 2012-04-28 5:34


Return to Programming Tutorials

cron