Ted Byers wrote:
Only the script in question is ever to write data to that directory. And indeed, only that script creates the web page that gives users access to these files (that is, it checks to see if the file(s) exist, and if so, creates a web page that provides the URLs to get the files. And if they do not exist, and if and only if the user has authorization to create the files, it creates them and then gives the web page that provides the links to access them. If the user is not authorized to create these files, they see only an executive summary, and the button that launches this script is not put on the executive summary page, so that user has no way to even look for the files (I have created a sophisticated permissions system that dynamically carefully controls what each user is able to see and do).
What stops the user simply typing in the URL of a PDF document? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org