[ic] Restricting access to PDFs
Brian J. Miller
brian at endpoint.com
Tue Aug 1 12:27:28 EDT 2006
Kevin Walsh wrote:
> Grant <emailgrant at gmail.com> wrote:
>
>>I'd like to limit the display of PDF files to admins. I've put my
>>PDFs in a directory below the docroot and set up apache2 to require
>>authentication to access that directory. The whole thing works fine,
>>but I was wondering if there might be an IC way to do this?
>>
>
> The IC way to do things like that is to treat the files as "soft goods".
> The idea is that you create a randomly-named directory and symlink
> your file into there. You can then provide a URI to your file without
> much chance of anyone guessing the path.
>
> The symlink setup can be gated using whatever Interchange-based
> authentication you deem appropriate.
>
> For an example, see the [enable-downloads] UserTag, on this page:
>
> http://www.interchange.rtfm.info/downloads/usertags/index.html
>
Additionally you can use an actionmap combined with the [deliver] tag to
provide any file accessible on the local filesystem with whatever
privilege system you would like.
The [deliver] tag provides base functionality for sending the proper
Content-Type header and the raw file as is.
Example
In page:
[page area="download/myfile.zip"]My file (zipped)</a>
In catalog.cfg:
ActionMap download <<EOR
sub {
my @path = grep /\S/, split m:/+:, $_[0];
my $spec = join('/', 'pages', @path[1..$#path]);
Log("Calling 'deliver' with $spec");
my $result = $Tag->deliver({ file => $spec });
Log(sprintf('Returned %s', defined($result) ? $result : '(undef)'));
return 1;
}
EOR
Then within the 'download' actionmap you can add any privilege checking
you wish before providing the file itself. We use this method on at
least one client site for handling soft goods.
HTH,
Brian J. Miller
End Point Corp.
More information about the interchange-users
mailing list