HTML5 teaser

[Lyn Teyla]

Colin Holgate wrote:

> A PDF is online somewhere. A logged in user asks for it, and the server encrypts it before sending over, using some sort of key that was in the query. On receiving the data, the client side would have to unencrypted it, and show it as the original PDF in a browser.

This only involves LiveCode Server and doesn’t require LiveCode HTML5, JavaScript, sending any keys in the query, or writing any PDF files to the user’s hard drive.

Here’s a general outline of the implementation:

- Store the PDF on the server, somewhere outside the web folder so it can’t be loaded directly by web visitors.

- Get the user to access the system via a HTTPS connection, which is needed for a secure login mechanism anyway.

- The HTTPS connection does all of the encrypting and decrypting so you don’t have to code it yourself.

- The user logs in via your LiveCode Server app, which handles the usual user authentication stuff using cookies and sessions.

- When the logged in user asks for the PDF file, have your LiveCode Server app read from the PDF file and write it out to the web browser (as with any other web content), and with the appropriate Content-Type HTTP header.

- Since you’re having all data transmitted over a HTTPS connection, the user’s login details as well as the PDF file are encrypted whilst in transit.

- Since your LiveCode Server app is the one deciding whether or not to display the PDF (and any other data) based on whether the user is signed in, access can be effectively limited to that user.

Lyn