MIDRANGE dot COM Mailing List Archive



Home » MIDRANGE-L » January 2014

Re: Web-to-i Communications questions



fixed

You know what they say about assuming... :)

Given that the OP is new to web side and that the PDFs already exist on the
i, it seems safer to reiterate that he would not want to make the PDFs
available directly like you might a static HTML page.

Charles


On Tue, Jan 21, 2014 at 9:21 AM, Bradley Stone <bvstone@xxxxxxxxx> wrote:

I'm sorry. I think some are misunderstanding or reading too much (or
little) into what I meant by a "link to a PDF".

Its not a direct link into the bowels of the machine that is available to
everyone without any security.

We've seen many examples of links to PDFs with sensitive information as I
explained before (ie statements from banks, credit cards, etc).

Use those as an example, don't assume that it was just a static link to an
unsecured server. As a developer its your job to use the proper security
methods. I would hope that would be assumed by now.

Brad
www.bvstools.com


On Tue, Jan 21, 2014 at 8:14 AM, Bradley Stone <bvstone@xxxxxxxxx> wrote:

Yes. They would be available. That's the point, so they can view the
PDF. :)

Millions of emails go out a day with links to credit card and bank
statements, investments, etc. Most don't think twice about using them
because there is security involved. It's not just open to the world.

Also, the PDFs could be generated "on the fly" so the link to the PDF
isn't a direct link to it, but a link with data that will create the
file.
Or even copying the PDF from a secure directory to a temp directory
while
it's being viewed. There are a lot of options.

A link to a PDF doesn't mean anyone can click it and it starts
downloading.

It's up to the application developers to add security and/or complexity
and tell crawlers to stay away.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.







Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2014 by MIDRANGE dot COM and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available here. If you have questions about this, please contact