
Re: Securing PDF file on a Website

Subject: Re: Securing PDF file on a Website
Date: Sat, 23 Jul 2005 17:07:06 +0100 (BST)

If you just want to limit access on a once-per-user basis, 
by their email address, you could try the following.

Generate a unique session ID for that particular user, when 
they request access to the pdf file, on your website.

Save that session ID in a database table for user 
authentication.

Email a link to the user, with the session ID in the URL.

When the user clicks on the URL you emailed to them, for 
access to the particular file, check the session ID in the 
URL with the session ID in the authorisation database.

If the session ID exists in the database, allow access to 
the file. Keep some other columns in the table for admin 
purposes. E.g. some sort of time limits, or access limits.

When the user has accessed the file, delete the record with 
the session ID from the database.

If the user tries to access the file, after a certain time 
constraint, or number of accesses has been reached, then 
they will be prohibited from accessing it.

Or, just generate a unique password for accessing the pdf 
file, and email that to all users. Change the password as 
often as required, e.g. weekly, fortnightly.

Store the generated password in a database for login 
authorisation.

Check the password supplied by the user, with the stored 
password in the database, to see if they are matching.
If they do, allow access to the file.

HTH - Keith Roberts

http://www.karsites.net/

SPDTool - an idea for a structured open source development
CASE tool. Find out more at the above link!


On Sat, 23 Jul 2005 echow@videotron.ca wrote:

To: webappsec@securityfocus.com
From: echow@videotron.ca
Subject: Securing PDF file on a Website

To all:

Is there a way that I can add access to a pdf file to a 
website in a secure way? What I was thinking was to 
require user name and password to access this very 
confidential file. I was also thinking about requiring the 
use of tokens and/or certificates.

The user group for this application is pretty low tech so 
my challenge is to come up with something that is secure 
but really straightforward to use.

Any thoughts on how I would implement this would be most 
appreciated.

Regards,



Edmond
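
The one-time emailed link procedure from the reply above, as an added example that is not part of the original thread. The table, column and function names are hypothetical, and it goes slightly beyond the reply by drawing the ID from a CSPRNG, storing only its SHA-256 hash, and consuming a use in a single UPDATE.

```python
import hashlib
import secrets
import sqlite3
import time

# Hypothetical schema and names, constructed for this example.
SCHEMA = """CREATE TABLE pdf_grants (
    token_hash TEXT PRIMARY KEY,   -- SHA-256 of the emailed ID, never the ID itself
    email      TEXT NOT NULL,
    expires_at REAL NOT NULL,      -- the "time limit" column
    uses_left  INTEGER NOT NULL    -- the "access limit" column
)"""

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db

def _digest(token):
    return hashlib.sha256(token.encode()).hexdigest()

def issue_grant(db, email, ttl=3600, max_uses=1, now=None):
    """Create a grant and return the ID to embed in the emailed link."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    db.execute("INSERT INTO pdf_grants VALUES (?, ?, ?, ?)",
               (_digest(token), email, now + ttl, max_uses))
    db.commit()
    return token

def redeem_grant(db, token, now=None):
    """Return the grantee's email if the ID is valid, else None."""
    now = time.time() if now is None else now
    h = _digest(token)
    # One conditional UPDATE consumes a use, so two concurrent clicks
    # cannot both pass a separate check-then-delete sequence.
    cur = db.execute(
        "UPDATE pdf_grants SET uses_left = uses_left - 1 "
        "WHERE token_hash = ? AND expires_at > ? AND uses_left > 0", (h, now))
    if cur.rowcount != 1:
        # Unknown, expired or spent: purge any leftover row and refuse.
        db.execute("DELETE FROM pdf_grants WHERE token_hash = ?", (h,))
        db.commit()
        return None
    email = db.execute("SELECT email FROM pdf_grants WHERE token_hash = ?",
                       (h,)).fetchone()[0]
    db.execute("DELETE FROM pdf_grants WHERE token_hash = ? AND uses_left = 0", (h,))
    db.commit()
    return email
```

The web handler would call `redeem_grant` with the ID from the URL and stream the PDF only when an email is returned, keeping the file itself outside the web root.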

