HTML5 teaser
Lyn Teyla
lyn.teyla at gmail.com
Sat Mar 5 01:43:39 EST 2016
Mark Wieder wrote:
> On 03/04/2016 06:38 PM, Lyn Teyla wrote:
>
>> Using a HTTPS connection ensures that the PDF file is transmitted securely.
>
> Uh, sorry, no.
> HTTPS by itself will (mostly) guarantee that you are connected to the server you think you're connecting to. There's no encryption unless you enforce it yourself. The connection itself isn't in cleartext after the initial handshake, so someone listening in on the network traffic won't be able to grab and view the pdf, but unless you're requiring a login and encrypting the file, there's nothing to stop anyone from going to the https url and picking up a copy of the file.
The whole point of HTTPS is _not_ just to authenticate the website, but also to encrypt the data in transit:
https://en.wikipedia.org/wiki/HTTPS
That’s precisely why online banking and ecommerce websites use HTTPS — to encrypt credit card and other important data during transmission. The same would apply to the PDF file being transmitted via HTTPS.
The OP’s question being answered here was "Does the PDF _travel_ securely?" and not "Can anyone go to the HTTPS URL and pick up a copy of the file?". My statement was in response to that specific question, which was clearly quoted immediate prior to the statement itself.
The latter question had already been addressed in my earlier reply, in which I described placing the PDF file outside the web folder on the server, as well as a user login mechanism being utilized, per the OP’s initial requirements.
Lyn
More information about the use-livecode
mailing list