Mark Wieder wrote: > On 03/04/2016 06:38 PM, Lyn Teyla wrote: > >> Using a HTTPS connection ensures that the PDF file is transmitted securely. > > Uh, sorry, no. > HTTPS by itself will (mostly) guarantee that you are connected to the server > you think you're connecting to. There's no encryption unless you enforce it > yourself. The connection itself isn't in cleartext after the initial > handshake, so someone listening in on the network traffic won't be able to > grab and view the pdf, but unless you're requiring a login and encrypting the > file, there's nothing to stop anyone from going to the https url and picking > up a copy of the file.
The whole point of HTTPS is _not_ just to authenticate the website, but also to encrypt the data in transit: https://en.wikipedia.org/wiki/HTTPS That’s precisely why online banking and ecommerce websites use HTTPS — to encrypt credit card and other important data during transmission. The same would apply to the PDF file being transmitted via HTTPS. The OP’s question being answered here was "Does the PDF _travel_ securely?" and not "Can anyone go to the HTTPS URL and pick up a copy of the file?". My statement was in response to that specific question, which was clearly quoted immediate prior to the statement itself. The latter question had already been addressed in my earlier reply, in which I described placing the PDF file outside the web folder on the server, as well as a user login mechanism being utilized, per the OP’s initial requirements. Lyn _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode
