I need some assistance thinking about how to approach a problem of delivering data securely.
The data is a PDF file that resides on the server. My mission is to display it in a new tab or window when an authorized user requests access through the web site — but not allow anyone to load it directly by entering the file’s URL.
The approach I had in mind was to store the file with permissions set to 700, making it inaccessible through browsers. When the authorized user requests access, the site sets the permission to 704, allowing the user read-only access. It loads the file, then sets the permission back to 700. For a brief period the file is accessible to anyone, but it’s not so sensitive that that is a serious problem.
However, I’ve found that I have to load the file with an anchor tag that’s activated at load time by JavaScript. (I’d rather not go into the reasons, because they’re rather involved and probably not relevant.) That creates a timing problem, because the browser loads the PDF asynchronously with the server/browser interaction in the main window. Thus the server has no way of knowing when the PDF has finished loading, so it has no way of knowing when it’s safe to restore the file’s permissions.
I’ve thought about ways around this problem, but all of them have serious drawbacks. For example, the anchor tag could trigger a JavaScript macro that sends a request to the server, which waits a few seconds for the PDF to load and then resets its permissions, but what if the server happens to be heavily loaded and the PDF doesn’t get loaded that fast? The delay could be too long for reasonable security and yet too short to work reliably.
Are there other ways I can approach this problem that will yield reasonably tight security without very elaborate coding?
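The usual alternative to toggling file permissions is to keep the PDF outside the web root altogether and let the application itself check the session and stream the bytes, so there is never a URL that maps to the file and nothing has to be restored once the browser finishes loading. The following is an added example of that approach, not code from the original post; the `/view` route, the `doc` query parameter, the `session` cookie name, the in-memory session store and the `/srv/private-docs` directory are all assumptions made for the example.

```python
"""Serve a private PDF to logged-in users without ever exposing it by URL.

The document directory sits outside the web root, so no static-file URL
maps to it; the only way to read a PDF is through /view, which checks the
session first.  Nothing is toggled back afterwards, so the timing problem
in the question does not arise.  (Example code; paths and names assumed.)
"""
import hmac
import secrets
import tempfile
from http.cookies import SimpleCookie
from http.server import BaseHTTPRequestHandler, HTTPServer
from pathlib import Path
from urllib.parse import parse_qs, urlparse

# Assumed location of the PDFs: any directory the web server does not serve.
DOC_DIR = Path("/srv/private-docs")

# Constructed in-memory session store: token -> set of PDF names that user
# may view.  A real site would use its own session framework here.
SESSIONS = {}


def new_session(allowed_docs):
    """Create a session token (sent to the browser as a cookie after login)."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = set(allowed_docs)
    return token


def lookup_session(token):
    """Return the set of allowed documents for a token, or None if invalid."""
    presented = (token or "").encode()
    for stored, allowed in SESSIONS.items():
        if hmac.compare_digest(stored.encode(), presented):  # constant-time
            return allowed
    return None


def serve_document(token, name, doc_dir=DOC_DIR):
    """Authorize and read a PDF.  Returns (status, headers, body)."""
    allowed = lookup_session(token)
    if allowed is None:
        return 401, {}, b"login required"
    # Only a bare *.pdf filename is accepted: no directories, no traversal.
    if Path(name).name != name or not name.endswith(".pdf"):
        return 400, {}, b"bad document name"
    if name not in allowed:
        return 403, {}, b"not authorized for this document"
    path = (doc_dir / name).resolve()
    # Belt and braces: the resolved file must still be directly inside doc_dir.
    if path.parent != doc_dir.resolve() or not path.is_file():
        return 404, {}, b"no such document"
    body = path.read_bytes()
    headers = {
        "Content-Type": "application/pdf",
        "Content-Disposition": f'inline; filename="{name}"',  # show in the tab
        "Cache-Control": "private, no-store",  # keep shared caches out of it
    }
    return 200, headers, body


class DocumentHandler(BaseHTTPRequestHandler):
    """GET /view?doc=report.pdf with the session cookie set at login."""

    def do_GET(self):
        url = urlparse(self.path)
        if url.path != "/view":
            self.send_error(404)
            return
        name = parse_qs(url.query).get("doc", [""])[0]
        cookies = SimpleCookie(self.headers.get("Cookie", ""))
        token = cookies["session"].value if "session" in cookies else None
        status, headers, body = serve_document(token, name)
        self.send_response(status)
        for key, value in headers.items():
            self.send_header(key, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)


def demo():
    """Constructed self-check: status codes for a set of requests."""
    with tempfile.TemporaryDirectory() as tmp:
        doc_dir = Path(tmp)
        sample = b"%PDF-1.4\n% constructed sample, not a real document\n"
        (doc_dir / "report.pdf").write_bytes(sample)
        (doc_dir / "secret.pdf").write_bytes(sample)
        token = new_session(["report.pdf", "missing.pdf"])
        status, headers, _ = serve_document(token, "report.pdf", doc_dir)
        return {
            "ok": status,
            "content_type": headers["Content-Type"],
            "no_session": serve_document(None, "report.pdf", doc_dir)[0],
            "wrong_doc": serve_document(token, "secret.pdf", doc_dir)[0],
            "traversal": serve_document(token, "../etc/passwd", doc_dir)[0],
            "missing": serve_document(token, "missing.pdf", doc_dir)[0],
            "guessed_token": serve_document("guess", "report.pdf", doc_dir)[0],
        }


if __name__ == "__main__":
    print(demo())
    HTTPServer(("127.0.0.1", 8000), DocumentHandler).serve_forever()
```

The anchor that the page activates at load time then simply points at the application route, for instance `<a href="/view?doc=report.pdf" target="_blank">`, with the session cookie doing the authorizing. Because the directory is never served statically, typing the file's path into the address bar returns nothing at any moment, not just outside a window, and the server does not need to know when the browser has finished downloading. The `Cache-Control: private, no-store` header stops a shared proxy from handing the same response to the next requester.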