Re: ? about protecting resources

Fri, 12 Jan 2001 11:56:15 -0800 

oh man , these r pretty huge pdfs.  I dont think anyone wants to rewrite them in a 
jsps or servlets

In a message dated Fri, 12 Jan 2001  2:08:31 PM Eastern Standard Time, Alec Belsky 
<[EMAIL PROTECTED]> writes:

<< just keep the file outside the webserver
and have a servlet send it to them using this content type if they have the
proper access
    Content-Type:  application/pdf




> Hi, we have some pdf's on our server- sensitive info. Right now u can
enter url that hits those pdf's directly and download them. That is not good
ofcourse we need security. Need to check if they are currently logged in, or
atleast if they have our cookies with a uid and pw on it. Ofcourse there is
basic authentication, but we want to avoid that for that ugly pop up login
screen. So wondering from the webserver level, if there is a way that you
can protect directory, with the criteria for accessing that directory being
a session cookie. Is there a module you can configure, u can tell it what
cookie to look for (eg. sessionid), maybe even see of that sessionid is
currently valid. Any other possibilites to do it without basic auth and
those pop up logins. Thanks, Jake
>
>
___________________________________________________________________________
> To unsubscribe, send email to [EMAIL PROTECTED] and include in the
body
> of the message "signoff SERVLET-INTEREST".
>
> Archives: http://archives.java.sun.com/archives/servlet-interest.html
> Resources: http://java.sun.com/products/servlet/external-resources.html
> LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
>

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
 >>

___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".

Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html

Reply via email to