Once again thanks for the suggestions. Email won't work here however, as the GWT application is an interactive workflow management tool. When a user wishes to see a PDF, they need to see it right now rather than wait for a link to be supplied via email. If browser is the only way forward, how can I do this?
Thanks Simon On Monday, January 7, 2013 4:47:56 PM UTC, jchimene wrote: > > On 01/07/2013 09:23 AM, Flying-w wrote: > > Thanks for the reply. The PDF content is highly valuable, so each > > request must be authenticated and the pdf content must be delivered to > > the browser securely. > > > > Recommendations for other delivery methods? > > There is no reason to deliver the content specifically to the browser. > Most folks will use Acrobat to read the PDF, so the browser acts as an > intermediary and increases the attack surface. The content is valuable > (i.e. there is sufficient economic interest to analyze your delivery > method and dupe the server), attacks are possible and economically > beneficial to the attacker. > > I'd use email. Deliver the PDF as an attachment. There might be issues > w/ filters. > > You might also consider emailing a one-time key as the query string in a > URL, then downloading the PDF in response to that GET. As the key is > associated w/ the user, there is no secondary login required. Also, you > know (i.e. implement in code) that the request can only happen once. It > might also be appropriate to implement a time window in which the URL is > valid. > > > > Perhaps the ideal solution is to have the PDF content delivered in the > > response > > to a GWT RPC method say as a byte array. The problem is, I've no idea > > how to get that byte stream rendered in the browser. > Security by obscurity? No. > > Cheers, > jec > -- You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-web-toolkit/-/Q4U23qnnt5kJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
