Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Need to stream a hidden PDF to a new window via IntraWeb/Javascript

Posted on 2004-10-29
20
Medium Priority
?
2,685 Views
Last Modified: 2008-01-09
From a web app (written in Delphi 7.1 w/IntraWeb 7.2), I need to be able to open a PDF in a new window while providing no means of accessing the PDF except via the app (i.e., web user can't just plug in a url and go directly to the file).

Currently, I'm simply opening a new window with the desired PDF.  This has a multitude of flaws:

1. It displays the url to the PDF in the new window, and even disabling the address/toolbars & redirecting things through a static html page to tidy up the title bar provides no defense against a simple Ctrl-N, which puts things back to square one.

2. The PDF url shows up in the browser history.

3. After clicking the button that opens the new window with the PDF, if you view the source on the app window, you can locate the Javascript call that opened the new window, and of course it shows the url parameter it's sending.

After viewing PAQ Q_20138297, it looks like the best solution is to use streams.  Alas, said PAQ was in the ASP section, and I confess to having -zero- knowledge in that arena and very little knowledge of Javascript, so I'm unsure of how to code this.

What I *REALLY* am hoping I can do is to store the PDF files somewhere on the server that my app can see but the outside world cannot (is this possible?), and then when a PDF is requested, have my app stream it to a new window, hopefully closing the gaping security holes noted above.

This is a very urgent matter and the complete solution is well worth 500 points, in my estimation.  I suspect the first (and hardest) step will be to code the solution in Javascript, but ultimately I need a Delphi/Intraweb-coded solution.
0
Comment
Question by:cherrylan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
  • 3
  • +3
20 Comments
 
LVL 31

Expert Comment

by:seanpowell
ID: 12451621
Hi,

I'm afraid I don't use Delphi/Intraweb, so I can't be of any help there. I can show you how to password protect an area of the site and then stream the pdf's with asp, but I'm not sure if that's going to get you where you need to go.

Perhaps in combination with the experts at http://www.experts-exchange.com/Programming/Programming_Languages/Delphi/

Have you explored that area of EE to see if there was any response?

Sean

0
 

Author Comment

by:cherrylan
ID: 12452138
Hi Sean,

I wasn't sure if my question was more appropriate for this area or the Delphi area and since it's my understanding that questions are not to be double-posted, I picked this topic area.  (EE newbie, first question!)

Regarding Intraweb, although the documentation is unfortunately quite sketchy, there *is* a way to embed Javascript, which is in fact how I'm currently opening PDFs in a new window, which is why I thought this would be the way to go in terms of crafting a solution.

As for asp, I'm always willing to try learning, but I'll ask for your patience in advance if I ask a lot of silly questions, though - my expertise is in standalone apps, NOT web development.  Intraweb provided a handy wrapper to migrate my application to the web and has performed admirably, but the nature of the web has presented me with this unexpected security problem.  Let me clarify the current situation a bit: My app gets compiled as a dll and runs on Windows 2003 servers at my customers' sites.  All of my current customers use IIS; most do not have IT departments, so I can't use a solution that would require IT monitoring/intervention.

George
0
 
LVL 11

Expert Comment

by:huntersvcs
ID: 12452810
Why don't you just download the pdf instead of opening it locally?  That way - no link!  Sorry, but I just got here.  I have a website that also opens pdf's statically (address is seen) but I believe you can change the link from open to download.
0
Looking for a new Web Host?

Lunarpages' assortment of hosting products and solutions ensure a perfect fit for anyone looking to get their vision or products to market. Our award winning customer support and 30-day money back guarantee show the pride we take in being the industry's premier MSP.

 
LVL 10

Expert Comment

by:frugle
ID: 12452906
There is no feasible way of using a browser to give anyone any type of file without giving away the location of the file that is being delivered. This is a security feature - it's just how the web works.

The only solution I can see is to embed a pdf viewer within your application and disable the properties dialogues.

Mike
0
 

Author Comment

by:cherrylan
ID: 12453476
To huntersvcs:

I've already tried sending the pdf file instead of opening it in a new browser window.  You're correct in that that eliminates the link since it opend directly in Acrobat instead of a browser, but (at least when I tried doing) it has the undesirable side effect of prompting the end-user to open the document, which could get ugly, particularly in a batch-open mode.  My app tended to freeze up when I tried that tack - probably a bug on my end but because of the prompting issue I began exploring other possible solutions.  If there's a way to send the file w/o forcing the end user to confirm, this might be okay, but I'm thinking that the pdf would still have to be sent as a stream rather than as a file, else the user can simply click the send button and then view source on the app to see where the file was pulled from.  I could of course copy the original to a temp location and then send *that* file, but I'd prefer to avoid the use of temp files if I can.

To frugle:

In PAQ Q_20138297, it sounds like a solution was arrived at by using streams and ASP - unfortunately I don't know the first thing about ASP, but this solution evidently took care of the url issue, both in the browser and the browser's history.  The pdf can't be opened in the app window, since the end user needs to be able to open an arbitrary number of files at once, which of course requires that they open in their own windows.

--

Certainly, it would be possible to create a temp copy of the original pdf and send that, but it just seems that streams would be a lot cleaner, and wouldn't require a secondary app to monitor & clean up temp files.

--

To seanpowell:

I'm definitely interested in seeing what you had in mind for a solution.  It might be a bear to get things in such a form that I can code & compile them on this end, but hey - one step at a time.

George
0
 
LVL 49

Expert Comment

by:Roonaan
ID: 12458714
0
 
LVL 11

Accepted Solution

by:
huntersvcs earned 200 total points
ID: 12461498
This site offers different methods of hiding scripts.  I didn't want to just copy the code - there may be other things you can use from them as well!

http://www.siteexperts.com/tips/hideit/theCode.asp

Hope this helps.
Rick
0
 

Author Comment

by:cherrylan
ID: 12464381
To Roonaan & huntersvcs:

Remember guys, I'm a pro standalone app guy but an absolute neophyte in the web scripting world - I hate to admit it, but at present I don't even know what asp *is*, exactly, let alone understand how to use it or know what if any tools I need in order to employ it.  At present, my app is 100% compiled Delphi code (runs as a dll on the server) with a single embedded Javascript command which opens a new window with the desired pdf:

  AddToInitProc('NewWindow("' + UserSession.RootUrl + UserSession.PDFUrl + '","","")');

Although my web development tools are unfortunately not well-documented, it seems it is possible to define and embed custom Javascript routines in the code, but if the solution involves asp, I'm afraid I'll need the "long winded" version.

As far as hiding my code is concerned, the only thing I *really* care about hiding is the pdf url, and I *think* that streaming the pdf instead of passing the url should take care of it.  I'll keep experimenting on this end...

George
0
 

Author Comment

by:cherrylan
ID: 12475727
To all:

Alas, the approaching deadline for my project is forcing me to choose a practical solution over an elegant one for the time being.  I'll simply copy the pdfs to a temp directory and open new windows with urls to the temp files, then run a sweeper program 1/day to clean out the temp directory.  I'm convinced there's a much cleaner way of doing this, and if anyone can figure out how, I'm all ears - but for the time being I'll just code what I consider a "down and dirty" solution.

I'm still interested in solving the problem via Intraweb w/o temp files, though....

George
0
 
LVL 2

Expert Comment

by:MatrixDweller
ID: 12618279
I don't know how to do it in Delphi but in C++ I would read the PDF into the server's memory and then send the file via a http stream to the client. The same way you would output HTML that's stored in a string to the client except you would need to set the header approriatly so the client's browser knows it's a PDF and not HTML. In ISAPI you can specify all that stuff in the HTTPContext. I'm sure Delphi has similar mechanisms.

If the PDF is generated by Crystal Reports you can send the file via a stream to begin with, which doesn't save a file to disk.
0
 

Author Comment

by:cherrylan
ID: 12627966
In recent days I was finally able to correspond with one of the developers of the IntraWeb tools, and he basically stated that there's no way to accomplish what I wanted to do, since a new window MUST have a URL to load content from.

However, I think I *have* come up with a solution that will work, which is to log the PDF request in a database and then open a new window which loads a second program, passing log file index data unrelated to the PDF file name as parameters, and have the second program do nothing more than verify the log entry, retrieve and stream the PDF in its own window, and then delete or flag the log entry.

If I'm thinking about this correctly, that should completely solve the issues as I presented them initially:
 - the PDFs can reside in "safe storage" - either a non-public directory or as records in a database
 - although the program is broken into two dlls, data can be streamed by the second program since it has its own window
 - this eliminates the need for any temp files or sweeper processes
 - an end user cannot simply pass parameters to the second dll and retrieve PDFs directly, because it can't locate a PDF unless it
   the first process has posted a log entry matching the parameters sent, and the log entry is deleted or invalidated as soon as the
   PDF is retrieved.

As things stand, I've long since coded up a solution using temp files, but when time permits I intend to try my idea out - just looking at the logic, I think at this point it'll prove pretty easy to code.
0
 
LVL 2

Assisted Solution

by:MatrixDweller
MatrixDweller earned 200 total points
ID: 12628179
I have read in TIFF, JPG and other image and file formats that reside on a different server, outside of web services reach, with ISAPI and outputted the binary data to the clients browser in a new window ( setting the header accordingly ). It actually speeds up the process huge because you eliminate more than half of the disk access that is normally used.

read file->copy file to new location->iis reads file->iis sends file->delete file
becomes
read file->iis sends file via your app

It's actually pretty easy to do and I'm sure any web programming language accomodates it.

Of course the new window would be a location to my isapi dll but coded properly the link that launches the window would include some sort of validation key. That validation key could reside in a flat file/db ( delete it when the pdf is outputted ) or could be generated from the time and expire within a set amount of time ( ~5 minutes ).
0
 
LVL 11

Expert Comment

by:huntersvcs
ID: 12807336
Split ?
0
 
LVL 2

Expert Comment

by:MatrixDweller
ID: 12809136
I'd go for the split
0
 
LVL 11

Expert Comment

by:huntersvcs
ID: 12821302
Agree.
0
 
LVL 11

Expert Comment

by:huntersvcs
ID: 12865242
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When it comes to write a Context Sensitive Help (an online help that is obtained from a specific point in state of software to provide help with that state) ,  first we need to make the file that contains all topics, which are given exclusive IDs. …
FAQ pages provide a simple way for you to supply and for customers to find answers to the most common questions about your company. Here are six reasons why your company website should have a FAQ page
This video teaches users how to migrate an existing Wordpress website to a new domain.
The is a quite short video tutorial. In this video, I'm going to show you how to create self-host WordPress blog with free hosting service.
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question