Re: Non HTML file protection - OS X (webstar or apache)
This WebDNA talk-list message is from 2002
It keeps the original formatting.
numero = 44318
interpreted = N
texte = I'm sure I'm missing vast portions of what your're talking about, but Ithink I would devise a system where the user can't access the PDF'sdirectly.I would have one download page, that authenticated the user.Then, on that page I would show the user links to their pdf's each linkwould be the encrypted name of the file, or something and would be a link toanother page.That page would[if][user] owns [decrypted]pdf[copy] [decrypted] pdf to 'sometempfilename.pdf'[redirect somefilename.pdf][/if]Something like that.On 10/23/02 2:21 PM, Dan Keldsen mashed the following keys :> Aaron,> > Thanks for the response, but .htaccess is not a fine enough control, unless> things have radically changed with .htaccess over the years and I'm missing> those details.> > My understanding of .htaccess, is:> 1. no way to tie it into webcatalog> 2. you protect a directory, rather than individual pieces within the directory> (see example below)> 3. I'm using session management (cookies, and back-end tracking) to> determine who is logged in and what access they should have, that does NOT use> the standard basic authentication browser mechanisms, therefore not possible> to seamlessly integrate (from user experience) moving between the two login> systems> > Therefore, managing different levels of access to collections of documents> isn't possible with simple realm protection, but I could be wrong.> > MORE DETAILS:> What I'm talking about is we have thousands of PDFs and MOVs, as well as> webcatalog db served information, and people buy slices of these> collections.> > FOR EXAMPLE:> One buyer purchases report a> > One buyer purchases report b> > One buyer purchases both report a and report b as a combination offering,> also gets access to some limited database-served information> > One buyer purchases all reports a-z gets access to everything - PDFs, MOVs,> databases> > Using John Hill's plugin, I essentially set up product groupings, and specify:> IF> buyer purchases all reports a-z, allow access to everything (files/dbs)> ELSE> IF> buyer purchases both report a and report b, allow access to those and> access to some limited database-served information> ELSE> IF> buyer purchases report b, allow access to just that> ELSE> IF> buyer purchases report a, allow access to just that> ENDIF> > Basically, there are a number of superset/subset relationships that we have> built-up in our system, that John's plugin handles quite well and without> duplicating either the access database, or the files that need to be> protected. So, what we're looking for is either additional functionality in> webcatalog directly, that intercepts calls for certain PDFs, MOVs, images, and> HTML formatted reports, in the same way that we can restrict access to> specific native webcatalog dbs.> > Is that a more useful explanation of the issue?-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list
.To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/
Associated Messages, from the most recent to the oldest:
I'm sure I'm missing vast portions of what your're talking about, but Ithink I would devise a system where the user can't access the PDF'sdirectly.I would have one download page, that authenticated the user.Then, on that page I would show the user links to their pdf's each linkwould be the encrypted name of the file, or something and would be a link toanother page.That page would[if][user] owns [decrypted]pdf[copy] [decrypted] pdf to 'sometempfilename.pdf'[redirect somefilename.pdf][/if]Something like that.On 10/23/02 2:21 PM, Dan Keldsen mashed the following keys :> Aaron,> > Thanks for the response, but .htaccess is not a fine enough control, unless> things have radically changed with .htaccess over the years and I'm missing> those details.> > My understanding of .htaccess, is:> 1. no way to tie it into webcatalog> 2. you protect a directory, rather than individual pieces within the directory> (see example below)> 3. I'm using session management (cookies, and back-end tracking) to> determine who is logged in and what access they should have, that does NOT use> the standard basic authentication browser mechanisms, therefore not possible> to seamlessly integrate (from user experience) moving between the two login> systems> > Therefore, managing different levels of access to collections of documents> isn't possible with simple realm protection, but I could be wrong.> > MORE DETAILS:> What I'm talking about is we have thousands of PDFs and MOVs, as well as> webcatalog db served information, and people buy slices of these> collections.> > FOR EXAMPLE:> One buyer purchases report a> > One buyer purchases report b> > One buyer purchases both report a and report b as a combination offering,> also gets access to some limited database-served information> > One buyer purchases all reports a-z gets access to everything - PDFs, MOVs,> databases> > Using John Hill's plugin, I essentially set up product groupings, and specify:> IF> buyer purchases all reports a-z, allow access to everything (files/dbs)> ELSE> IF> buyer purchases both report a and report b, allow access to those and> access to some limited database-served information> ELSE> IF> buyer purchases report b, allow access to just that> ELSE> IF> buyer purchases report a, allow access to just that> ENDIF> > Basically, there are a number of superset/subset relationships that we have> built-up in our system, that John's plugin handles quite well and without> duplicating either the access database, or the files that need to be> protected. So, what we're looking for is either additional functionality in> webcatalog directly, that intercepts calls for certain PDFs, MOVs, images, and> HTML formatted reports, in the same way that we can restrict access to> specific native webcatalog dbs.> > Is that a more useful explanation of the issue?-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/
Aaron Lynch
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
WebDNA tags in WebMerchant email templates ... (1997)
You *can!!* overwrite username/password using an HTML form. Also, experts *please* see Q at end (2000)
Interfacing WebMerchant to www.fedex.com (1997)
Server IP address (2004)
[random] only for 1-100??? (1997)
still having shipCost.db Problem (1997)
Migrating to NT (1997)
No Wanna Duppys (1998)
Webcat table size. (2001)
PIXO support (1997)
Review comparison by PC Magazine: Open for On-line Business (1997)
WebCat2b13MacPlugIn - [include] doesn't allow creator (1997)
$Append for Users outside the ADMIN group (1997)
Off Topic - OS X web server, FTP accounts (2003)
Country & Ship-to address & other fields ? (1997)
OK, here goes... (1997)
[referrer] tag (1997)
Exclamation point (1997)
help with duplicate records posted (1998)
[WebDNA] Emailer breaking format (2015)