‘Hidden Source’ documents on a web page

Topic

New Reply

I’m trying to figure out a way to “cloak” the URL of some documents linked to by a web page I’m preparing. I have a “consent” page that the user reads and if they agree, then they can view the “protected” document (a pdf file or another html web page). The problem is, once in that document, they can (conceivably) save the URL as a favorite, desktop link, or even “pirate” it and link to it from their own documents or web pages. I’m looking for a way to force viewing of the consent form EVERY time one of the “protected” documents is accessed. Seems like the consent form may have to be part of the “protected” document (e.g., the document opens with the protected content hidden; if they agree to the consent statement, then the protected content appears), but I don’t know how to do this, either for an HTML fpage or for an embedded pdf document.

This is all for a secured intranet, so it doesn’t have to be bulletproof (e.g., they can always Save a Copy of the pdf document); I just want to eliminate the “no-brainer” means for accessing these documents without prior consent.

Any ideas?

Thanks!

Reply | Quote

Replies

The easiest way to do this is with a server-side scripting language, such as ASP or PHP. The script can check for the presence of a session cookie or other indication that the user has just accepted the agreement and then either deliver the document or show the agreement, whichever is appropriate. The documents can be kept in a folder that users otherwise would not know about, and so could not link to other than though the script.

Here’s a related example: http://jeffersonscher.com/Off2007/word.asp%5B/url%5D. The image links are in a form similar to: sc.asp?i=wo1-popular and the full URL is never revealed to the end user. The script file checks the “referer” for the request and serves the image only if the image is linked from my site or from the Lounge. (Otherwise it delivers a different image.)

Does this seem like a feasible approach for your application?

Reply | Quote

Thanks for the ideas. This is a little over my head, coding & scripting-wise, but I’m always up for a little continuing adult education! I like the way that if I copy your URL “http://jeffersonscher.com/Off2007/sc.asp?i=wo1-popular” into a fresh browser window and try to go to it, I get a warning message. That’s exactly what I’m looking for for that half of the problem.

Can suggest some resources that would help me get moving up the learning curve on ASP or PHP scripting, to a level that would be necessary for this sort of application? Thanks so much!!

Reply | Quote

Sorry for the delay. Here’s the ASP file used to serve the images. As you can see, it tries to deliver only if the referer matches a pre-defined pattern. In your case, the referer would be the page with the Accept button. The only way to get the file would be if the file was accessed through a link on that page. Note that in my example caching is allowed for several days. You might need to shorten this.

Reply | Quote