You know what they say about assuming... :)

Given that the OP is new to web side and that the PDFs already exist on the
i, it seems safer to reiterate that he would not want to make the PDFs
available directly like you might a static HTML page.


On Tue, Jan 21, 2014 at 9:21 AM, Bradley Stone <bvstone@xxxxxxxxx> wrote:

I'm sorry. I think some are misunderstanding or reading too much (or
little) into what I meant by a "link to a PDF".

Its not a direct link into the bowels of the machine that is available to
everyone without any security.

We've seen many examples of links to PDFs with sensitive information as I
explained before (ie statements from banks, credit cards, etc).

Use those as an example, don't assume that it was just a static link to an
unsecured server. As a developer its your job to use the proper security
methods. I would hope that would be assumed by now.


On Tue, Jan 21, 2014 at 8:14 AM, Bradley Stone <bvstone@xxxxxxxxx> wrote:

Yes. They would be available. That's the point, so they can view the
PDF. :)

Millions of emails go out a day with links to credit card and bank
statements, investments, etc. Most don't think twice about using them
because there is security involved. It's not just open to the world.

Also, the PDFs could be generated "on the fly" so the link to the PDF
isn't a direct link to it, but a link with data that will create the
Or even copying the PDF from a secure directory to a temp directory
it's being viewed. There are a lot of options.

A link to a PDF doesn't mean anyone can click it and it starts

It's up to the application developers to add security and/or complexity
and tell crawlers to stay away.

This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives

This thread ...


Return to Archive home page | Return to MIDRANGE.COM home page