Actually I have a TCPDF form, where users can generate a PDF.
Is there any way to grants this file only to whom generated the PDF?
It is quite complicated an user will find another PDF (he needs to find the exact filename based on a certain timestamp...), but it is quite dangerous...
Any idea?
Is there any way to grants this file only to whom generated the PDF?
It is quite complicated an user will find another PDF (he needs to find the exact filename based on a certain timestamp...), but it is quite dangerous...
Any idea?
Hi enzo.orsi,
Save the pdfs in a folder above the site root so that they are not directly accessible. Create a database table (it you don't already have it ) to link the user iD and the file name.
Check the table to see that the current user has access before sharing the files.
Bob
Save the pdfs in a folder above the site root so that they are not directly accessible. Create a database table (it you don't already have it ) to link the user iD and the file name.
Check the table to see that the current user has access before sharing the files.
Bob
Sorry, maybe I was not clear๐
I will not share any files...
I mean, I am afraid that some users will try to put in browser address the name of a document changing the timestamp...he needs to try several times, but maybe he can find and open a pdf...if he is lucky or if he has some tool to try several times...
What do you think? It is stupid?
I will not share any files...
I mean, I am afraid that some users will try to put in browser address the name of a document changing the timestamp...he needs to try several times, but maybe he can find and open a pdf...if he is lucky or if he has some tool to try several times...
What do you think? It is stupid?
HI enzo.orsi,
Yes it sensible - and the solution I suggested will work. You might also add a random string to the PDF name to make it harder to guess.
Bob
Yes it sensible - and the solution I suggested will work. You might also add a random string to the PDF name to make it harder to guess.
Bob
A part from hardness to guess...๐ ...I am not really sure I understood your solution...is it valid if someone will put the pdf name in the address bar in the browser?
Hi enzo.orsi,
No, if the files are in a folder above the site root, then they can't be accessed by URL.
Bob
No, if the files are in a folder above the site root, then they can't be accessed by URL.
Bob
Mmm...
For example you can open
But if you try to change the timestamp, you can access to another pdf created by another user...
I am wrong?
For example you can open
This is private content
But if you try to change the timestamp, you can access to another pdf created by another user...
I am wrong?
This topic is locked and no more replies can be posted.
