Hidding the status and or Address Bar

[TonyU]

I have set up access to a client to view their invoices creating a pdf file. Here's my problem.
Say one of my pdf's is named 156489.pdf
then I typed in the address bar 156490.pdf as you can see changing 89 to 90 then I'm able to see someone else's invoice and I need to prevent that.

I don't know anything about Secure Socket Layer (SSL) but what would you guys suggest for me to do.

I'm looking for the best possible way of doing this with the at most security with what we have.
Tony

 

[TonyU]

And if I posted this question in the wrong forum, please let me know. Tony

 

[yandso]

One way you could secure this is by making the person log on. Then check there login on every page to make sure they have access. Another not so secure way is to check where they are comming from. That way if they are not comming from where they should be you can bounce them out.

 

[TonyU]

As of now, they not only log in but they can also be bounced out if they type the address directly without loging in first.
Since these are individual clients and I'm housing all individual accounts in the same folder, someone could simply type a different number and view someone else's invoice. Tony

 

[yandso]

I see. One possiblity would be to have your pdf included from an include file. That way you do not have to show them the file name. And as for the status bar you can set that to be blank with javascript.

Roj

 

[TonyU]

Your include file idea sounds great, I'll give a shot. Tony