Question

I am currently working on a project which can be best described as a online pdf library.

Users can log in and see a list of pdfs available. The user can click on one to 'check it out'

this then allows them to have access to view a pdf file for a specific time period after which it is no longer accessible.

there are two important rules:

  1. The user can only view the pdf through the website and cannot copy it
  2. After the time expires the user can no longer view the pdf

I was thinking of using swftools to convert the pdf to swf to disable the user from saving the pdf. But I still have a security issue:

how do I display a swf in browser without revealing its location?

thankyou for taking the time to answer this question. Please let me know if i need to specify anything.

No correct solution

OTHER TIPS

Use a timed URL. Here's the insecure version:

  http://www.example.com?file=123&expires=2014-03-06

Now, to be less obvious, encode those two params into one variable and make it look like the filename:

  http://www.example.com/123-2014-03-06.pdf

But go one step further and hash/encode the values into something like a guid.

You can also do this on the server-side, by issuing a real guid and associating a filename and expiration time with that value.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top