kante wrote:The straight forward solution is to present the PDF download path only if they are authenticated, but what if someone distribute the absolute url?
Then all of your security measures would be null and void, which is why you shouldn't provide a direct path to the files (nor should they be accessible by any direct URL) but instead use a PHP script to send the file only after verifying their credentials.
kante wrote:I know there's a way to set up a PHP script to perform the download for you....only if the request is valid and recognized...
but I also read that is dangerous to have such a script on your webserver
It's dangerous if you don't know how such a script can be compromised and how to prevent it, sure. Then again, the same could be said about writing PHP code that interacts with a SQL database without having first studied up on SQL injections and data sanitization.
kante wrote:DO you have any safe solution for this? Example?
It depends on how you decide to store the PDF files. If you index them in a database, for example, you could simply pass an integer ID of the pdf document (e.g. download.php?id=1234). Your download script could then query the database for the file path and then output the necessary headers & content.
If you instead didn't want to involve a database, you could simply pass the file name (e.g. download.php?file=My%20Cookbook.pdf). This one's where the common security risks come in, since you don't know if they're giving you the filename of a PDF document in a certain directory or instead a path like "../../config/mysql.inc.php". One way to make sure they're only giving you a filename, however, is to use something like [man]basename/man on the incoming data.
