I'm sorry. I think some are misunderstanding or reading too much (or
little) into what I meant by a "link to a PDF".
Its not a direct link into the bowels of the machine that is available to
everyone without any security.
We've seen many examples of links to PDFs with sensitive information as I
explained before (ie statements from banks, credit cards, etc).
Use those as an example, don't assume that it was just a static link to an
unsecured server. As a developer its your job to use the proper security
methods. I would hope that would be assumed by now.
On Tue, Jan 21, 2014 at 8:14 AM, Bradley Stone <bvstone@xxxxxxxxx> wrote:
Yes. They would be available. That's the point, so they can view the
Millions of emails go out a day with links to credit card and bank
statements, investments, etc. Most don't think twice about using them
because there is security involved. It's not just open to the world.
Also, the PDFs could be generated "on the fly" so the link to the PDF
isn't a direct link to it, but a link with data that will create the file.
Or even copying the PDF from a secure directory to a temp directory while
it's being viewed. There are a lot of options.
A link to a PDF doesn't mean anyone can click it and it starts
It's up to the application developers to add security and/or complexity
and tell crawlers to stay away.