Using PHP to protect pdf and other file types

[dlcmpls]

Hi everyone.

 

I want to use php to protect some files.  The files are of different types:  pdf, skp, dwg.

 

I can handle creating a php page that requires authentication.  That's easy.

 

BUT, let's say a user logs in to my php page, and then is presented with a list of links for pdf's.  User clicks a link and I open the pdf in a new window.  All is good so far.  But now the user can copy and paste the url into an email and send the url to an evil person.  The evil user now has direct access to my pdf via the url. 

 

By the way, I know a user can simply save my pdf and then forward it to whoever they want.  I have to live with that.

 

I know I could restrict access to a directory with a .htaccess file, and then put all my pdf's in that restricted directory, but for a variety of reasons, that's not gonna work.

 

Maybe my real question is "How can I hide the url of my pdf from a user."  That by itself would solve my problem.

 

Can anyone help?

[mr_bijae]

You could handle this in a couple different ways. One would be enable the security features when you create the PDF and have the PDF doc itself contain a sercurity level that moves along with it.

 

As for hiding where your pdf files are located, you can put them in an include file that is beyond the reach of the apache or IIS server. Have an include file named ./incpath.php and have that file declare the variable

 

$incpath = '/usr/local/pdf';

 

in the above example my Apache installation is at /usr/local/apache2/htdocs and my php is retrieved by the script but there is no URL in the application that the user can grab.