× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. January 2014

Re: Web-to-i Communications questions

Available via static or CGI, they're still "available" through a URL.

Sending them through a stream they're available to be intercepted.

Once on the client's PC, they're vulnerable as well (especially if they
play minecraft.. tic).

I didn't say put them on a public cloud drive and send them the link.. but
that (or something similar) was "assumed." :)



On Tue, Jan 21, 2014 at 12:05 PM, Charles Wilt <charles.wilt@xxxxxxxxx>wrote:

You know what they say about assuming... :)

Given that the OP is new to web side and that the PDFs already exist on the
i, it seems safer to reiterate that he would not want to make the PDFs
available directly like you might a static HTML page.

Charles


On Tue, Jan 21, 2014 at 9:21 AM, Bradley Stone <bvstone@xxxxxxxxx> wrote:

I'm sorry. I think some are misunderstanding or reading too much (or
little) into what I meant by a "link to a PDF".

Its not a direct link into the bowels of the machine that is available to
everyone without any security.

We've seen many examples of links to PDFs with sensitive information as I
explained before (ie statements from banks, credit cards, etc).

Use those as an example, don't assume that it was just a static link to
an
unsecured server. As a developer its your job to use the proper security
methods. I would hope that would be assumed by now.

Brad
www.bvstools.com


On Tue, Jan 21, 2014 at 8:14 AM, Bradley Stone <bvstone@xxxxxxxxx>
wrote:

Yes. They would be available. That's the point, so they can view the
PDF. :)

Millions of emails go out a day with links to credit card and bank
statements, investments, etc. Most don't think twice about using them
because there is security involved. It's not just open to the world.

Also, the PDFs could be generated "on the fly" so the link to the PDF
isn't a direct link to it, but a link with data that will create the
file.
Or even copying the PDF from a secure directory to a temp directory
while
it's being viewed. There are a lot of options.

A link to a PDF doesn't mean anyone can click it and it starts
downloading.

It's up to the application developers to add security and/or complexity
and tell crawlers to stay away.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.


--
This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing list
To post a message email: MIDRANGE-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/midrange-l
or email: MIDRANGE-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/midrange-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.