Re: Non HTML file protection - OS X (webstar or apache)
This WebDNA talk-list message is from 2002
It keeps the original formatting.
numero = 44318
interpreted = N
texte = I'm sure I'm missing vast portions of what your're talking about, but Ithink I would devise a system where the user can't access the PDF'sdirectly.I would have one download page, that authenticated the user.Then, on that page I would show the user links to their pdf's each linkwould be the encrypted name of the file, or something and would be a link toanother page.That page would[if][user] owns [decrypted]pdf[copy] [decrypted] pdf to 'sometempfilename.pdf'[redirect somefilename.pdf][/if]Something like that.On 10/23/02 2:21 PM, Dan Keldsen mashed the following keys :> Aaron,> > Thanks for the response, but .htaccess is not a fine enough control, unless> things have radically changed with .htaccess over the years and I'm missing> those details.> > My understanding of .htaccess, is:> 1. no way to tie it into webcatalog> 2. you protect a directory, rather than individual pieces within the directory> (see example below)> 3. I'm using session management (cookies, and back-end tracking) to> determine who is logged in and what access they should have, that does NOT use> the standard basic authentication browser mechanisms, therefore not possible> to seamlessly integrate (from user experience) moving between the two login> systems> > Therefore, managing different levels of access to collections of documents> isn't possible with simple realm protection, but I could be wrong.> > MORE DETAILS:> What I'm talking about is we have thousands of PDFs and MOVs, as well as> webcatalog db served information, and people buy slices of these> collections.> > FOR EXAMPLE:> One buyer purchases report a> > One buyer purchases report b> > One buyer purchases both report a and report b as a combination offering,> also gets access to some limited database-served information> > One buyer purchases all reports a-z gets access to everything - PDFs, MOVs,> databases> > Using John Hill's plugin, I essentially set up product groupings, and specify:> IF> buyer purchases all reports a-z, allow access to everything (files/dbs)> ELSE> IF> buyer purchases both report a and report b, allow access to those and> access to some limited database-served information> ELSE> IF> buyer purchases report b, allow access to just that> ELSE> IF> buyer purchases report a, allow access to just that> ENDIF> > Basically, there are a number of superset/subset relationships that we have> built-up in our system, that John's plugin handles quite well and without> duplicating either the access database, or the files that need to be> protected. So, what we're looking for is either additional functionality in> webcatalog directly, that intercepts calls for certain PDFs, MOVs, images, and> HTML formatted reports, in the same way that we can restrict access to> specific native webcatalog dbs.> > Is that a more useful explanation of the issue?-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list
.To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/
Associated Messages, from the most recent to the oldest:
I'm sure I'm missing vast portions of what your're talking about, but Ithink I would devise a system where the user can't access the PDF'sdirectly.I would have one download page, that authenticated the user.Then, on that page I would show the user links to their pdf's each linkwould be the encrypted name of the file, or something and would be a link toanother page.That page would[if][user] owns [decrypted]pdf[copy] [decrypted] pdf to 'sometempfilename.pdf'[redirect somefilename.pdf][/if]Something like that.On 10/23/02 2:21 PM, Dan Keldsen mashed the following keys :> Aaron,> > Thanks for the response, but .htaccess is not a fine enough control, unless> things have radically changed with .htaccess over the years and I'm missing> those details.> > My understanding of .htaccess, is:> 1. no way to tie it into webcatalog> 2. you protect a directory, rather than individual pieces within the directory> (see example below)> 3. I'm using session management (cookies, and back-end tracking) to> determine who is logged in and what access they should have, that does NOT use> the standard basic authentication browser mechanisms, therefore not possible> to seamlessly integrate (from user experience) moving between the two login> systems> > Therefore, managing different levels of access to collections of documents> isn't possible with simple realm protection, but I could be wrong.> > MORE DETAILS:> What I'm talking about is we have thousands of PDFs and MOVs, as well as> webcatalog db served information, and people buy slices of these> collections.> > FOR EXAMPLE:> One buyer purchases report a> > One buyer purchases report b> > One buyer purchases both report a and report b as a combination offering,> also gets access to some limited database-served information> > One buyer purchases all reports a-z gets access to everything - PDFs, MOVs,> databases> > Using John Hill's plugin, I essentially set up product groupings, and specify:> IF> buyer purchases all reports a-z, allow access to everything (files/dbs)> ELSE> IF> buyer purchases both report a and report b, allow access to those and> access to some limited database-served information> ELSE> IF> buyer purchases report b, allow access to just that> ELSE> IF> buyer purchases report a, allow access to just that> ENDIF> > Basically, there are a number of superset/subset relationships that we have> built-up in our system, that John's plugin handles quite well and without> duplicating either the access database, or the files that need to be> protected. So, what we're looking for is either additional functionality in> webcatalog directly, that intercepts calls for certain PDFs, MOVs, images, and> HTML formatted reports, in the same way that we can restrict access to> specific native webcatalog dbs.> > Is that a more useful explanation of the issue?-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/
Aaron Lynch
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
WebCatalog can't find database (1997)
A question on sub-categories (1997)
Shipping Calc - done (1998)
I try hard to think positively (1998)
Country & Ship-to address & other fields ? (1997)
Domain serial issue (2008)
problem serving foreign languages text (1997)
WebCatalog can't find database (1997)
Re:E-Mailer (WebCatb15acgiMac) (1997)
Storing Data (2002)
Online reference (1997)
[Webcat 2]Next (1997)
Next X hits (1996)
Is this possible, WebCat2.0 and checkboxes (1997)
webcat2b12 CGI -- Date comparisons (1997)
cookie length (1998)
[ListFiles] Within [LineItems] (2001)
Nested vs conditional (1997)
Autonumber in Table (2006)
Emailer help....! (1997)