| Dart Home | PowerTCP WebServer for ActiveX | Custom Development | Reply | PowerTCP WebServer for ActiveX Topics | Forums |
| Author | Forum: PowerTCP WebServer for ActiveX Topic: Private PDF being saved to disk when viewing in IE |
| haagen_daz From: Burnsville, MN USA Posts: 13 Member Since: 07/06/05 |
posted May 30, 2006 3:43 PM I am having a serious security issue which makes or breaks software sale... The issue is: I have created a web server which serves secure (private) information (in a pdf) to the browser. When the pdf is opened through IE, there is an actual copy of that pdf written to C:\Documents and Settings\"a user"\Local Settings\Temporary Internet Files\Content.IE5\"some folder". Some users will be using the same pc to view thier "user specific" pdf's so this causes a huge security issue. Can anyone please tell me how to serve up a pdf to the browser without a copy of that pdf getting stored on the client pc? Thanx, Dustin |
Tony Priest From: Utica, NY USA Posts: 8466 Member Since: 04/11/00 |
posted May 31, 2006 8:20 AM Sorry, but I honestly don't see how this would be possible. The user would have to clear his temp directory. If it's possible it would be something that is done in the header of the response that is sent in the Get event. If you find some kind of specification for what is needed, and you can't figure out how to modify the header yourself, please let me know and I will try and see what I can do. |
| DavidW From: London, United Kingdom Posts: 12 Member Since: 06/22/06 |
posted June 26, 2006 10:46 AM The best way would be to use NTFS, so that users could not read each other's directories. Failing that.there are a couple of IE advanced options that might help: - Do not save encrypted pages to disk; - Empty Temporary Internet Files folder when browser is closed. A cache-control: nostore header may help, but possibly not in the browser, and you should certainly have cache-control: private, if not using SSL, and in that case, even if using NTFS. These need to be real headers, not http-equiv. |
| Reply | PowerTCP WebServer for ActiveX Topics | Forums |
This site is powered by
PowerTCP WebServer for ActiveX
|