Re: Non HTML file protection - OS X (webstar or apache)

This WebDNA talk-list message is from

2002


It keeps the original formatting.
numero = 44318
interpreted = N
texte = I'm sure I'm missing vast portions of what your're talking about, but I think I would devise a system where the user can't access the PDF's directly.I would have one download page, that authenticated the user.Then, on that page I would show the user links to their pdf's each link would be the encrypted name of the file, or something and would be a link to another page. That page would[if] [user] owns [decrypted]pdf[copy] [decrypted] pdf to 'sometempfilename.pdf' [redirect somefilename.pdf] [/if]Something like that.On 10/23/02 2:21 PM, Dan Keldsen mashed the following keys :> Aaron, > > Thanks for the response, but .htaccess is not a fine enough control, unless > things have radically changed with .htaccess over the years and I'm missing > those details. > > My understanding of .htaccess, is: > 1. no way to tie it into webcatalog > 2. you protect a directory, rather than individual pieces within the directory > (see example below) > 3. I'm using session management (cookies, and back-end tracking) to > determine who is logged in and what access they should have, that does NOT use > the standard basic authentication browser mechanisms, therefore not possible > to seamlessly integrate (from user experience) moving between the two login > systems > > Therefore, managing different levels of access to collections of documents > isn't possible with simple realm protection, but I could be wrong. > > MORE DETAILS: > What I'm talking about is we have thousands of PDFs and MOVs, as well as > webcatalog db served information, and people buy slices of these > collections. > > FOR EXAMPLE: > One buyer purchases report a > > One buyer purchases report b > > One buyer purchases both report a and report b as a combination offering, > also gets access to some limited database-served information > > One buyer purchases all reports a-z gets access to everything - PDFs, MOVs, > databases > > Using John Hill's plugin, I essentially set up product groupings, and specify: > IF > buyer purchases all reports a-z, allow access to everything (files/dbs) > ELSE > IF > buyer purchases both report a and report b, allow access to those and > access to some limited database-served information > ELSE > IF > buyer purchases report b, allow access to just that > ELSE > IF > buyer purchases report a, allow access to just that > ENDIF > > Basically, there are a number of superset/subset relationships that we have > built-up in our system, that John's plugin handles quite well and without > duplicating either the access database, or the files that need to be > protected. So, what we're looking for is either additional functionality in > webcatalog directly, that intercepts calls for certain PDFs, MOVs, images, and > HTML formatted reports, in the same way that we can restrict access to > specific native webcatalog dbs. > > Is that a more useful explanation of the issue? ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: Non HTML file protection - OS X (webstar or apache) (Dan Keldsen 2002)
  2. Re: Non HTML file protection - OS X (webstar or apache) (Aaron Lynch 2002)
  3. Re: Non HTML file protection - OS X (webstar or apache) (Dan Keldsen 2002)
  4. Re: Non HTML file protection - OS X (webstar or apache) (Aaron Lynch 2002)
  5. Non HTML file protection - OS X (webstar or apache) (Dan Keldsen 2002)
I'm sure I'm missing vast portions of what your're talking about, but I think I would devise a system where the user can't access the PDF's directly.I would have one download page, that authenticated the user.Then, on that page I would show the user links to their pdf's each link would be the encrypted name of the file, or something and would be a link to another page. That page would[if] [user] owns [decrypted]pdf[copy] [decrypted] pdf to 'sometempfilename.pdf' [redirect somefilename.pdf] [/if]Something like that.On 10/23/02 2:21 PM, Dan Keldsen mashed the following keys :> Aaron, > > Thanks for the response, but .htaccess is not a fine enough control, unless > things have radically changed with .htaccess over the years and I'm missing > those details. > > My understanding of .htaccess, is: > 1. no way to tie it into webcatalog > 2. you protect a directory, rather than individual pieces within the directory > (see example below) > 3. I'm using session management (cookies, and back-end tracking) to > determine who is logged in and what access they should have, that does NOT use > the standard basic authentication browser mechanisms, therefore not possible > to seamlessly integrate (from user experience) moving between the two login > systems > > Therefore, managing different levels of access to collections of documents > isn't possible with simple realm protection, but I could be wrong. > > MORE DETAILS: > What I'm talking about is we have thousands of PDFs and MOVs, as well as > webcatalog db served information, and people buy slices of these > collections. > > FOR EXAMPLE: > One buyer purchases report a > > One buyer purchases report b > > One buyer purchases both report a and report b as a combination offering, > also gets access to some limited database-served information > > One buyer purchases all reports a-z gets access to everything - PDFs, MOVs, > databases > > Using John Hill's plugin, I essentially set up product groupings, and specify: > IF > buyer purchases all reports a-z, allow access to everything (files/dbs) > ELSE > IF > buyer purchases both report a and report b, allow access to those and > access to some limited database-served information > ELSE > IF > buyer purchases report b, allow access to just that > ELSE > IF > buyer purchases report a, allow access to just that > ENDIF > > Basically, there are a number of superset/subset relationships that we have > built-up in our system, that John's plugin handles quite well and without > duplicating either the access database, or the files that need to be > protected. So, what we're looking for is either additional functionality in > webcatalog directly, that intercepts calls for certain PDFs, MOVs, images, and > HTML formatted reports, in the same way that we can restrict access to > specific native webcatalog dbs. > > Is that a more useful explanation of the issue? ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Aaron Lynch

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

WebDNA tags in WebMerchant email templates ... (1997) You *can!!* overwrite username/password using an HTML form. Also, experts *please* see Q at end (2000) Interfacing WebMerchant to www.fedex.com (1997) Server IP address (2004) [random] only for 1-100??? (1997) still having shipCost.db Problem (1997) Migrating to NT (1997) No Wanna Duppys (1998) Webcat table size. (2001) PIXO support (1997) Review comparison by PC Magazine: Open for On-line Business (1997) WebCat2b13MacPlugIn - [include] doesn't allow creator (1997) $Append for Users outside the ADMIN group (1997) Off Topic - OS X web server, FTP accounts (2003) Country & Ship-to address & other fields ? (1997) OK, here goes... (1997) [referrer] tag (1997) Exclamation point (1997) help with duplicate records posted (1998) [WebDNA] Emailer breaking format (2015)