Is it dangerous to put pdf files with cryptographically-generated-128-character file names in a public web folder?

Well, it does qualify as security-through-obscurity, so it's frowned upon. Think about the following scenarios: What happens when someone else gets hold of the link? By snooping the connection, reading e-mails, hacking a computer which contains a bookmark/download history/cache.

Since the link is always there, your document is now public. If at any time in the future, a minor part of your server is compromised and the directory is indexed, even for a second, all files are public. This can be one badly-written script, one injection, one XSS-vulnerability, one currently unknown zero-day.

You are exposing your documents to the weakest link. You should probably not do this. Instead, keep the documents at a secure location, out of the document-root.

Then when an authenticated user asks for the document over a secure (HTTPS) connection, serve the document using a script that reads the document and writes it over the connection. No temporary files in the document root!

download.php?file=128_char_filename.pdf

Where download.php checks the user's permission for that file. That way you would not have "secure" pdf files in a public folder.

Forcing a file download with ASP.NET: haiders.net/post/Force-File-Download-wit....

– xport Mar 7 at 8:35 This example assumes your files are already generated. But you can generate the file on the fly and then feed it to the browser for download. Just replace WriteFile with something more appropriate.

– Peeter Mar 7 at 8:50.
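The approach the answers above describe (documents stored outside the document root and handed out by download.php only after a permission check), as an added PHP example that is not code from the original posts. The storage path, the session keys, the file-name format and user_may_read() are assumptions; it needs PHP 8 for str_starts_with().

```php
<?php
declare(strict_types=1);
const STORAGE_DIR = '/srv/private-docs';  // assumed path, outside the document root

// Hypothetical permission check; replace with a lookup in your own ACL store.
function user_may_read(string $file): bool
{
    return in_array($file, $_SESSION['readable_files'] ?? [], true);
}

// Map a requested name to a real path inside STORAGE_DIR, or null if unacceptable.
function resolve_document(string $name): ?string
{
    // Assumed name format: 128 URL-safe characters followed by ".pdf".
    if (preg_match('/\A[A-Za-z0-9_-]{128}\.pdf\z/', $name) !== 1) {
        return null;
    }
    $base = realpath(STORAGE_DIR);
    $path = realpath(STORAGE_DIR . '/' . $name);
    // realpath() resolves symlinks, so a link pointing outside storage is rejected.
    if ($base === false || $path === false
        || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return is_file($path) ? $path : null;
}

session_start();
// Assumes TLS terminates on this server; behind a proxy, check its forwarded header.
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
    http_response_code(403);
    exit;
}
if (!isset($_SESSION['user_id'])) {  // assumed to be set at login
    http_response_code(401);
    exit;
}
$name = $_GET['file'] ?? '';
$path = is_string($name) ? resolve_document($name) : null;
// One response for "no such file" and "not yours", so names cannot be probed.
if ($path === null || !user_may_read($name)) {
    http_response_code(404);
    exit;
}
header('Content-Type: application/pdf');
header('Content-Disposition: attachment; filename="document.pdf"');
header('X-Content-Type-Options: nosniff');
header('Cache-Control: private, no-store');
readfile($path);  // streamed from private storage; nothing is copied into the docroot
```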
