TiGreX

Reputation: 1816

password token to view pdf

I know that the title can be better, but I don't know how to define my problem. My problem is the following. I'm not sure if it's possible to do, but I suppose that it is.

I have some .pdf files online and I want to protect them from third parties. My idea, instead of assigning a password and showing an input like this: [image]

I want to send the password (or token) in the path. Something like

file.pdf?tpw=aaaa-bbb-dddd

Is it possible? I'm using C# to create the pdf.

edit: the case

I have an application which creates a folder with some PDFs; those PDFs can be uploaded or created here with a form (this part works).

All these documents are stored on the internet (global access), so I want to prevent access by third parties or search engines (I'm reading about this; it doesn't look like a big problem).

Then here is the problem: I want some users to be able to access some PDFs, for example

but not k to 54, etc.

My idea is to send the user (they should access through the link) something like "https://domain.com/pdf/33.pdf?password=222222", and without this password they can't access it.

If it is not possible to do it, I can create an "intermediate page" to put the links there.

And send the URL like "http://domain.com/pdf/view.chtml?id=33&password=222222"

Edit: and prevent access if they type https://domain.com/pdf/33.pdf

EDIT 2: SOLUTION (at least for now)

Store in the database, for each file:

- filename
- user (in MD5)
- token (in SHA-1)

Send the user a link like www.domain.com/api/showpdf.chtml?user=XXXXX&token=KKKKKKKKKKKKKKK

When the user clicks on that, just check in the database by the user and the token whether any file exists; if this is the case, show the file.

To solve the problem with direct access, we are going to put the files outside the "localhost" folders.

Thanks for all.

Upvotes: 1

Views: 515

Answers (1)

Luis Sieira

Reputation: 31522

I don't think it is a good idea to GET your passwords; they will be visible. The password should only be sent once: start a user session on the server, which will then create a temporary ticket for the user, and this ticket should be sent on each request via POST.

Anyway, you'll need to use a database and store users, passwords, files, and per-file permissions for each user. You could use a file, but it's never a good idea to store the passwords in plain text. I guess you already have a database running; you'll only need to add a files table and a per-file permissions table to it.

Also, you should never keep the real password in the database either, but just a checksum of it (SHA-1, or similar).

Upvotes: 1
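One way to implement the per-user, per-file link check from the question's EDIT 2 together with the answer's advice to store only a digest, as an added example that is not code from either poster. It uses a random token rather than a user password and SHA-256 rather than SHA-1 (both are choices made here); `PdfGrant`, `PdfAccess`, the in-memory table and `/srv/private-pdf` are hypothetical names standing in for the real database and storage folder.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Constructed stand-in for one database row: token digest, stored file name, expiry.
record PdfGrant(byte[] TokenHash, string StoredName, DateTime ExpiresUtc);

static class PdfAccess
{
    // Assumption: PDFs are kept outside the web root, so no URL maps to them directly.
    const string StorageRoot = "/srv/private-pdf";
    static readonly Dictionary<(int FileId, string User), PdfGrant> Grants = new();

    // Issue a random token for one user and one file; only its SHA-256 digest is stored.
    public static string Issue(int fileId, string user, string storedName, TimeSpan lifetime)
    {
        string token = Convert.ToHexString(RandomNumberGenerator.GetBytes(32));
        Grants[(fileId, user)] = new PdfGrant(Hash(token), storedName, DateTime.UtcNow + lifetime);
        return token; // placed in the link that is sent to the user
    }

    // Returns the on-disk path when the token is valid for this user and file, else null.
    public static string? Resolve(int fileId, string user, string token)
    {
        if (!Grants.TryGetValue((fileId, user), out var g)) return null;
        if (DateTime.UtcNow > g.ExpiresUtc) return null;
        if (!CryptographicOperations.FixedTimeEquals(g.TokenHash, Hash(token))) return null;
        // The file name comes from the stored row, never from the request.
        return Path.Combine(StorageRoot, g.StoredName);
    }

    static byte[] Hash(string token) => SHA256.HashData(Encoding.UTF8.GetBytes(token));
}

static class Demo
{
    static void Main()
    {
        string token = PdfAccess.Issue(33, "alice", "33.pdf", TimeSpan.FromHours(24));
        Console.WriteLine(PdfAccess.Resolve(33, "alice", token) ?? "denied");    // valid link
        Console.WriteLine(PdfAccess.Resolve(33, "alice", "222222") ?? "denied"); // wrong token
        Console.WriteLine(PdfAccess.Resolve(54, "alice", token) ?? "denied");    // other file
    }
}
```

Because the token travels in the URL, it ends up in browser history and server logs; the expiry bounds how long a leaked link stays usable.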
