Ted Byers wrote:
Only the script in question is ever to write data to that directory. And indeed, only that script creates the web page that gives users access to these files (that is, it checks to see if the file(s) exist, and if so, creates a web page that provides the URLs to get the files. And if they do not exist, and if and only if the user has authorization to create the files, it creates them and then gives the web page that provides the links to access them. If the user is not authorized to create these files, they see only an executive summary, and the button that launches this script is not put on the executive summary page, so that user has no way to even look for the files (I have created a sophisticated permissions system that dynamically carefully controls what each user is able to see and do). What stops the user simply typing in the URL of a PDF document? Very little. But our user base is, at best, cognitively challenged, and, to enter the URL they'd have to see it, and either write it down or remember it. I know, security through obscurity is not generally adequate, but in this case, what they'd need to do is beyond all of
On 14-02-07 05:59 AM, Dave Howorth wrote: them, and, even if one of them did manage it, there is no harm that they could do by doing so. (In some organizations, it would be asked why one would bother to secure them at all.) It was decided, not by me, that the cost of strengthening the security of these documents is many orders of magnitude greater than the risks in not providing greater security for these documents, and so I was asked to focus on other things. Cheers Ted -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org