Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations SkipVought on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

secure download of pdf files

Status
Not open for further replies.
cb49747

cb49747

MIS
Apr 23, 2002
181
0
0
US
I have a site which requires a username and password to access. With in this site is some directories with pdf files.

I use perl to decide what pdf files to display and links to them for downloading based on there username.

This works great, however if some were to find out the name of one of the pdf files they do not have access to, they could in theory download it.

Now I have listing turned off in apache, and the file names are random when created, so it is unlikely but not impossible.

I can tell apache to only allow the localhost to access these directories, this allows for perl to get the file names and list them, however the downloading will not work. So if I can get perl on the local host to grab the file and then display it, the above would work for me.

So my question is -> is there some way in perl to grab a file and display it for downloading?

Or if I'm just going about this all wrong and someone knows a better way I would appreciate getting pointed in the right direction.
 
Sort by date Sort by votes
So after some thinking I did this.

I set the following in the Apache web server

Code: 
<Directory "/some/folder/name/">
    order deny,allow
    deny from all
    allow from localhost
</Directory>

This in essence allowed only programs on the local machine to access the directory.

Then I place this in my Perl program

Code: 
my $file = param('file');
my @filename = split(/\//,$file);
my $fn  = pop @filename;

open(DLFILE, "<$public_dir_local/investors/$file");  
  @fileholder = <DLFILE>;  
close (DLFILE);

print "Content-Type:application/x-download\n";  
print "Content-Disposition:attachment;filename=$fn\n\n";
print @fileholder;

This seems to accomplish what I want. I would like to know if this is the best way to accomplish this, or is there a more efficient way of doing it. And is this really secure?

Thanks.
 
Upvote 0 Downvote
Put your pdf files in a non web accesible folder, a folder above the public_html folder. That way they can not be accessed via an http connection, but your perl script will be able to open them and download them to a client. The server directive is OK but I have heard they are not all that secure, although I don't know how to get around them myself.

------------------------------------------
- Kevin, perl coder unexceptional! [wiggle]
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Limbomusic
  • Locked
  • Question
Perl files getting accessed directly
Replies
0
Views
69
Limbomusic
Limbomusic
Anurag Sinha
  • Locked
  • Question
calling perl script on click of the button
Replies
0
Views
68
Anurag Sinha
Anurag Sinha
pendle666
  • Locked
  • Question
Update Perl Script to latest version of Perl
Replies
1
Views
72
feherke
feherke
Tester_V
  • Locked
  • Question
Need to sum all numbers in in all files (separately) in a directory 1
Replies
2
Views
74
Tester_V
Tester_V
audiopro
  • Locked
  • Question
Accessing files across a network
Replies
1
Views
54
audiopro
audiopro

Part and Inventory Search

Sponsor

Back
Top