Protected generated PDF files

I need to create approximately 18,000 PDF files containing confidential information. PDF files will be transferred through the web application to end users. Obviously, some users should see more reports than others. The two ways I'm going to serve PDFs are by physically storing each PDF in a directory under the web application, or by storing the PDF in a database. PDFs should only be accessible to authorized persons, and I don't want users to guess URLs to see other users' information. But I am a little hesitant to put this information into the database.

Is one way preferred over the other?

+2




2 answers


A PDF in a database is no more secure than a PDF on a disk as long as they are both streamed through the same website. Unless you allow the web server to serve PDF requests the same way as any resource on disk. Which, in your case, would be a bad idea.

I was working on a project with similar requirements. Our documents are stored on disk (not directly accessible via the URL on the website) and their locations and security information are stored in a database.



When a request comes in for a document, I determine if the user has rights to the document (database queries), and if so, I get the location of the file and deliver the file directly through the response stream.

+6




Do not store PDF files in the document tree. Put them somewhere else on the drive where the user cannot enter the URL because there is no URL. Then, programmatically fetch the data only AFTER confirming that the user is authorized to see it, and feed the bytes back out of the program.



Alternatively, you can create a separate directory in the document tree for each user, and put passwords in those directories using web server security such as Apache Basic Authentication or any other equivalent on your server. It might be easier, but if the user can exchange documents in inconsistent combinations, i.e., Al and Bob can see #1, Al and Cathy can see #2, Cathy and Dave can see #3, etc., it won't work.

+2
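The approach both answers describe (files outside the document tree, locations and per-user rights in a database, bytes returned only after the rights check), as an added example that is not code from either answer. The table layout, `fetch_pdf`, `NotFound` and the sample files are assumptions made for illustration, and `username` is assumed to come from the authenticated session, never from the request.

```python
import os
import sqlite3
import tempfile

# Constructed sample data: a store directory outside any web root, and the
# irregular sharing from the second answer (Al+Bob see #1, Al+Cathy see #2).
STORE = os.path.realpath(tempfile.mkdtemp(prefix="pdf_store_"))
for name in ("r1.pdf", "r2.pdf"):
    with open(os.path.join(STORE, name), "wb") as f:
        f.write(b"%PDF-1.4 constructed sample " + name.encode())

db = sqlite3.connect(":memory:")
db.executescript("""
    CREATE TABLE documents (id INTEGER PRIMARY KEY, rel_path TEXT NOT NULL);
    CREATE TABLE grants (doc_id INTEGER, username TEXT,
                         PRIMARY KEY (doc_id, username));
    INSERT INTO documents VALUES (1, 'r1.pdf'), (2, 'r2.pdf'),
                                 (3, '../outside.pdf');  -- bad row, on purpose
    INSERT INTO grants VALUES (1, 'al'), (1, 'bob'), (2, 'al'),
                              (2, 'cathy'), (3, 'al');
""")


class NotFound(Exception):
    """Raised for both 'no such document' and 'not authorized', so the
    response does not reveal which document ids exist."""


def fetch_pdf(username, doc_id):
    """Return the PDF bytes only if `username` holds a grant for `doc_id`."""
    row = db.execute(
        "SELECT d.rel_path FROM documents d "
        "JOIN grants g ON g.doc_id = d.id "
        "WHERE d.id = ? AND g.username = ?",
        (doc_id, username),
    ).fetchone()
    if row is None:
        raise NotFound(doc_id)
    # The path comes from the database, not the request; still confirm it
    # resolves inside the store before opening it.
    path = os.path.realpath(os.path.join(STORE, row[0]))
    if os.path.commonpath([path, STORE]) != STORE:
        raise NotFound(doc_id)
    with open(path, "rb") as f:
        return f.read()  # the web handler writes these bytes to the response
```

Because the request carries only a document id and the grant is checked in the same query that looks up the path, guessing ids yields the same error as asking for a document that does not exist.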

