Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Re: Securing PDF file on a Website

from [Auri Rahimzadeh] Network Security [Permanent Link]
Subject: RE: Re: Securing PDF file on a Website
Date: Sat, 23 Jul 2005 08:58:23 -0500 
Of course, combining the ACL approach (specific username(s) to address
particular pages) and streaming the PDF document, as well as using SSL and
user certificates (and other suggestions you are bound to read on this
thread) works even better :) 

And if you don't want anyone to have online access (well, until it's scanned
or posted online anyway), you could just print it out or put it on a CD and
hand it to somebody (but don't send it in the mail, fedex, etc. as we've
seen what happens there).

Best,

-Auri

---
Geek Your Ride! http://www.GeekMyRide.net

-----Original Message-----
From: andres.desa@paladion.net [mailto:andres.desa@paladion.net] 
Sent: Saturday, July 23, 2005 6:02 AM
To: webappsec@securityfocus.com
Subject: Re: Re: Securing PDF file on a Website

Streaming a PDF file to the user`s browser will help in adding an
authentication mechanism. 

A script file can be called to stream the PDF file. This script should
authenticate the user based upon the credentials supplied. Also, this script
can add cache-control headers, which will prevent the PDF file being stored
in the local cache on the user's machine.

A whitepaper discussing these issues is available at
http://www.paladion.net/papers/Document_Security_in_Web_Applications.pdf


Andres Desa
Paladion Networks,
Mumbai - India

Application Security Magazine
http://palisade.paladion.net
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [1/2OT] Training for web-apps and db security, Richard Lindberg
Next by Date:  RE: [1/2OT] Training for web-apps and db security, Gerald Quakenbush
Previous by Thread:  Re: Re: Securing PDF file on a Website, andres . desa
Next by Thread:  (semi-OT): Correct definition of the DES OFB?, Saqib Ali
Indexes:  [Date] [Thread] [Top] [All Lists]