Re: Non HTML file protection - OS X (webstar or apache)

This WebDNA talk-list message is from

2002


It keeps the original formatting.
numero = 44318
interpreted = N
texte = I'm sure I'm missing vast portions of what your're talking about, but I think I would devise a system where the user can't access the PDF's directly.I would have one download page, that authenticated the user.Then, on that page I would show the user links to their pdf's each link would be the encrypted name of the file, or something and would be a link to another page. That page would[if] [user] owns [decrypted]pdf[copy] [decrypted] pdf to 'sometempfilename.pdf' [redirect somefilename.pdf] [/if]Something like that.On 10/23/02 2:21 PM, Dan Keldsen mashed the following keys :> Aaron, > > Thanks for the response, but .htaccess is not a fine enough control, unless > things have radically changed with .htaccess over the years and I'm missing > those details. > > My understanding of .htaccess, is: > 1. no way to tie it into webcatalog > 2. you protect a directory, rather than individual pieces within the directory > (see example below) > 3. I'm using session management (cookies, and back-end tracking) to > determine who is logged in and what access they should have, that does NOT use > the standard basic authentication browser mechanisms, therefore not possible > to seamlessly integrate (from user experience) moving between the two login > systems > > Therefore, managing different levels of access to collections of documents > isn't possible with simple realm protection, but I could be wrong. > > MORE DETAILS: > What I'm talking about is we have thousands of PDFs and MOVs, as well as > webcatalog db served information, and people buy slices of these > collections. > > FOR EXAMPLE: > One buyer purchases report a > > One buyer purchases report b > > One buyer purchases both report a and report b as a combination offering, > also gets access to some limited database-served information > > One buyer purchases all reports a-z gets access to everything - PDFs, MOVs, > databases > > Using John Hill's plugin, I essentially set up product groupings, and specify: > IF > buyer purchases all reports a-z, allow access to everything (files/dbs) > ELSE > IF > buyer purchases both report a and report b, allow access to those and > access to some limited database-served information > ELSE > IF > buyer purchases report b, allow access to just that > ELSE > IF > buyer purchases report a, allow access to just that > ENDIF > > Basically, there are a number of superset/subset relationships that we have > built-up in our system, that John's plugin handles quite well and without > duplicating either the access database, or the files that need to be > protected. So, what we're looking for is either additional functionality in > webcatalog directly, that intercepts calls for certain PDFs, MOVs, images, and > HTML formatted reports, in the same way that we can restrict access to > specific native webcatalog dbs. > > Is that a more useful explanation of the issue? ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: Non HTML file protection - OS X (webstar or apache) (Dan Keldsen 2002)
  2. Re: Non HTML file protection - OS X (webstar or apache) (Aaron Lynch 2002)
  3. Re: Non HTML file protection - OS X (webstar or apache) (Dan Keldsen 2002)
  4. Re: Non HTML file protection - OS X (webstar or apache) (Aaron Lynch 2002)
  5. Non HTML file protection - OS X (webstar or apache) (Dan Keldsen 2002)
I'm sure I'm missing vast portions of what your're talking about, but I think I would devise a system where the user can't access the PDF's directly.I would have one download page, that authenticated the user.Then, on that page I would show the user links to their pdf's each link would be the encrypted name of the file, or something and would be a link to another page. That page would[if] [user] owns [decrypted]pdf[copy] [decrypted] pdf to 'sometempfilename.pdf' [redirect somefilename.pdf] [/if]Something like that.On 10/23/02 2:21 PM, Dan Keldsen mashed the following keys :> Aaron, > > Thanks for the response, but .htaccess is not a fine enough control, unless > things have radically changed with .htaccess over the years and I'm missing > those details. > > My understanding of .htaccess, is: > 1. no way to tie it into webcatalog > 2. you protect a directory, rather than individual pieces within the directory > (see example below) > 3. I'm using session management (cookies, and back-end tracking) to > determine who is logged in and what access they should have, that does NOT use > the standard basic authentication browser mechanisms, therefore not possible > to seamlessly integrate (from user experience) moving between the two login > systems > > Therefore, managing different levels of access to collections of documents > isn't possible with simple realm protection, but I could be wrong. > > MORE DETAILS: > What I'm talking about is we have thousands of PDFs and MOVs, as well as > webcatalog db served information, and people buy slices of these > collections. > > FOR EXAMPLE: > One buyer purchases report a > > One buyer purchases report b > > One buyer purchases both report a and report b as a combination offering, > also gets access to some limited database-served information > > One buyer purchases all reports a-z gets access to everything - PDFs, MOVs, > databases > > Using John Hill's plugin, I essentially set up product groupings, and specify: > IF > buyer purchases all reports a-z, allow access to everything (files/dbs) > ELSE > IF > buyer purchases both report a and report b, allow access to those and > access to some limited database-served information > ELSE > IF > buyer purchases report b, allow access to just that > ELSE > IF > buyer purchases report a, allow access to just that > ENDIF > > Basically, there are a number of superset/subset relationships that we have > built-up in our system, that John's plugin handles quite well and without > duplicating either the access database, or the files that need to be > protected. So, what we're looking for is either additional functionality in > webcatalog directly, that intercepts calls for certain PDFs, MOVs, images, and > HTML formatted reports, in the same way that we can restrict access to > specific native webcatalog dbs. > > Is that a more useful explanation of the issue? ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Aaron Lynch

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

WebCatalog can't find database (1997) A question on sub-categories (1997) Shipping Calc - done (1998) I try hard to think positively (1998) Country & Ship-to address & other fields ? (1997) Domain serial issue (2008) problem serving foreign languages text (1997) WebCatalog can't find database (1997) Re:E-Mailer (WebCatb15acgiMac) (1997) Storing Data (2002) Online reference (1997) [Webcat 2]Next (1997) Next X hits (1996) Is this possible, WebCat2.0 and checkboxes (1997) webcat2b12 CGI -- Date comparisons (1997) cookie length (1998) [ListFiles] Within [LineItems] (2001) Nested vs conditional (1997) Autonumber in Table (2006) Emailer help....! (1997)