Posted on 2004-10-29
From a web app (written in Delphi 7.1 w/IntraWeb 7.2), I need to be able to open a PDF in a new window while providing no means of accessing the PDF except via the app (i.e., web user can't just plug in a url and go directly to the file).
Currently, I'm simply opening a new window with the desired PDF. This has a multitude of flaws:
1. It displays the url to the PDF in the new window, and even disabling the address/toolbars & redirecting things through a static html page to tidy up the title bar provides no defense against a simple Ctrl-N, which puts things back to square one.
2. The PDF url shows up in the browser history.
What I *REALLY* am hoping I can do is to store the PDF files somewhere on the server that my app can see but the outside world cannot (is this possible?), and then when a PDF is requested, have my app stream it to a new window, hopefully closing the gaping security holes noted above.