Display PDF from database without caching
in [ASP]
|
Prev: ORA-12154 Error - TNS:could not resolve the connect identifier specified
Next: Unable to connect to SQL Server database.
From: Anthony Jones on 3 Oct 2006 03:31 <rolfejr(a)gmail.com> wrote in message news:1159821075.460229.192050(a)k70g2000cwa.googlegroups.com... > That's basically the conclusion that I had come to - there is a > Microsoft support document (several, actually) on the problem of > downloading PDF's over an SSL, but I'm not using SSL - actually, in > this particular scenario, the client may or may not use SSL (inside > the company they don't - outside they do). Anyway, I will experiment > some more with the private; no-store heading - at least now I know the > correct header - thanks. > > As to the question about how do you prevent a client from just saving > the PDF - you don't, and as has been stated already, that is > irrelevant. Of course someone can just save the PDF from their browser > - that's not the concern. the concern is someone ELSE pulling from a > users cache without their knowledge. Basically I am dealing with > people's pay stubs in PDF form, so if they want to save it, fine - they > can do whatever they want with it. I just don't want people pulling > OTHER employees pay stubs from their internet caches - at home, at > work, at the library, etc, etc. > Yeah um just don't do that then. > > Rather than mucking about with various headers lets just use the correct > > headers for your requirement. > > > > You want to attempt to stop the file from being cached at all. This could > > be a problem for PDFs. > > > > The correct code to acheive this is:- > > > > Response.CacheControl = "private; no-store" > > > > This informs all proxies between the origin server and the client not to > > store a copy of the resource. It also tells the client that it should not > > keep a copy of the resource. (no-cache actually means keep a copy if you > > want but always check back with the origin server before using it) > > > > The problem with this, at least with IE and PDFs, is that the implementation > > doesn't appear to be able to handle rendering a PDF stream directly, it > > needs to map the stream in to a file so despite the http headers saying > > otherwise it is stored anyway. Why it isn't deleted after it has been > > finished with I don't know it ought to be possible. > > >
From: Mike Brind on 3 Oct 2006 04:08 rolfejr(a)gmail.com wrote: > That's basically the conclusion that I had come to - there is a > Microsoft support document (several, actually) on the problem of > downloading PDF's over an SSL, but I'm not using SSL - actually, in > this particular scenario, the client may or may not use SSL (inside > the company they don't - outside they do). Anyway, I will experiment > some more with the private; no-store heading - at least now I know the > correct header - thanks. > > As to the question about how do you prevent a client from just saving > the PDF - you don't, and as has been stated already, that is > irrelevant. Of course someone can just save the PDF from their browser > - that's not the concern. the concern is someone ELSE pulling from a > users cache without their knowledge. Basically I am dealing with > people's pay stubs in PDF form, so if they want to save it, fine - they > can do whatever they want with it. I just don't want people pulling > OTHER employees pay stubs from their internet caches - at home, at > work, at the library, etc, etc. > Is password-protecting the PDFs not an option? -- Mike Brind
From: rolfejr on 5 Oct 2006 16:46 > Is password-protecting the PDFs not an option? I wish. The pdf's are stored in the database by third party software, so I have no control over how they are created. There may be some option of pulling them out, password protecting them, then putting them back in the database using some third-party pdf app, but I wouldn't really know where to begin there...
From: Mike Brind on 5 Oct 2006 17:16 Persits ASPPdf allows you to open existing PDF documents and alter their security settings, including applying passwords. http://www.asppdf.com/manual_08.html You would probably have to create a temp copy of the PDF on the server, apply new security settings to that, then stream it and delete the temp file. The 30 day evaluation is definitely worth taking up. And no, I'm not on commission - I have found it to be a very good product :-) -- Mike Brind <rolfejr(a)gmail.com> wrote in message news:1160081164.980238.103320(a)k70g2000cwa.googlegroups.com... >> Is password-protecting the PDFs not an option? > > I wish. The pdf's are stored in the database by third party software, > so I have no control over how they are created. There may be some > option of pulling them out, password protecting them, then putting them > back in the database using some third-party pdf app, but I wouldn't > really know where to begin there... >
From: rolfejr on 5 Oct 2006 17:29
Thanks for the reference, I will definitely look into it. Mike Brind wrote: > Persits ASPPdf allows you to open existing PDF documents and alter their > security settings, including applying passwords. > > http://www.asppdf.com/manual_08.html > > You would probably have to create a temp copy of the PDF on the server, > apply new security settings to that, then stream it and delete the temp > file. > > The 30 day evaluation is definitely worth taking up. And no, I'm not on > commission - I have found it to be a very good product :-) > > -- > Mike Brind > > > <rolfejr(a)gmail.com> wrote in message > news:1160081164.980238.103320(a)k70g2000cwa.googlegroups.com... > >> Is password-protecting the PDFs not an option? > > > > I wish. The pdf's are stored in the database by third party software, > > so I have no control over how they are created. There may be some > > option of pulling them out, password protecting them, then putting them > > back in the database using some third-party pdf app, but I wouldn't > > really know where to begin there... > > |