tags:

views:

81

answers:

4
+1  Q: 

Show pdf only to authentificated users

Hello,

I'm building a web site from the old one and i need to show a lot of .pdf files.

I need users to get authenficated before the can't see any of my .pdf but i don't know how (and i can't put my pdf in my database).

I'm using Pylons with Python.

Thank for you help.

If you have any question, ask me! :)

+2  A: 

You want to use the X-Sendfile header to send those files. Precise details will depend on which Http server you're using.

Paul McMillan  2010-10-20 18:03:21
+2  A: 

Paul's suggestion of X-Sendfile is excellent - this is truly a great way to deal with actually getting the document back to the user. (+1 for Paul :)

As for the front end, do something like this:

  1. Store your pdfs somewhere not accessible by the web (say /secure)
  2. Offer a URL that looks like /unsecure/filename.pdf
  3. Have your HTTP server (if it's Apache, see Mod Rewrite) convert that link into /normal/php/path/authenticator.php?file=filename.pdf
  4. authenticator.php confirms that the file exists, that the user is legit (i.e. via a cookie), and then uses X-Sendfile to return the PDF.
Ryley  2010-10-20 18:15:49
For Pylons you would do all this is the routing/controllers, obviously :)
Ben  2010-10-21 00:08:13
@Ben - yeah, if you actually know how to do that in Pylons, I'll upvote ya... I'm not a Python or Pylons programmer :)
Ryley  2010-10-21 15:14:20
+3  A: 

Here's my stab at how to do it in Pylons. I haven't tested this but there should be enough links to get you going.

  1. Enable X-SendFile on your HTTP server (as Paul said, the implementation depends on the server): Apache mod_xsendfile, Nginx equivalent
  2. Put the PDFs outside the /public directory in your Pylons install (I'd suggest a directory at the same level as your Pylons directory)
  3. Add some kind of Authentication and Authorization to your site. Here is a good article on how you use repoze.who (Authentication) and repoze.what (Authorization)
  4. Create a route and controller to handle the request for your PDF, this is like any other route and controller. (ie a route of /pdfs/{filename}.pdf)
  5. If everything is authorized and authenticated properly you can create the right headers for the x-sendfile (or equivalent) you are using.
Ben  2010-10-25 01:07:25
A: 

Maybe filename with md5 key will be enough?

48cd84ab06b0a18f3b6e024703cfd246-myfilename.pdf

You can use filename and datetime.now to generate md5 key.

pziewiec  2010-10-26 15:46:31

related questions

Autosizing Textarea
Regular expression for parsing links from a webpage?
What are good tools for creating compiled HTML help files (.chm)?
Looking for WYSIWYG HTML editor
Any reason not to start using the HTML 5 doctype?
HTML comments break down
HTML Comments Markup
Setting a div's height in HTML with CSS
Wrapping lists into columns
Is a "Confirm Email" input good practice when user changes email address?
<XMP> Tag
HTML version choice
Options for HTML scraping?
How do you disable browser Autocomplete on web form field / input tag?
How do I make a checkbox toggle from clicking on the text label as well?
Html CSS Editor
Wordpress theme development offline tools
How do I give my web sites an icon for iPhone?
In HTML, how to word-break on a dash?
Detecting font in JavaScript
How do you test layout design across multiple browsers/OSs?
How do I print an HTML document from a web service?
Multiple submit buttons on a HTML form
How can I determine a web user's time zone?
Why doesn't the percentage width child in absolutely positioned parent work in IE7?