Hiding the path to a PDF in a browser pop-up window
October 1, 2006 7:14 PM   Subscribe

When I launch a PDF in a pop-up browser window, how can I hide the path to it that appears in the title bar?

A friend has several PDFs to be displayed in a pop-up window from which I've removed the location, status bar, etc. However, while an HTML page in a pop-up window will just have its title displayed in the title bar, the PDF displays the full path to itself. We don't want to drop clues about where to find other elements of the site, so I'd like to be able to hide that path. I've poked around in Acrobat and can see that there is a title assigned to the PDF, but it doesn't display in the title bar.

I'm sure I'm missing something obvious, so give me a kick in the ass and enlighten me.
posted by rosemere to Computers & Internet (7 answers total)
 
Best answer: Maybe you could instead open an html page with two frames: one invisible and the other the PDF file. Then you could set the window's title with the <title> element.
posted by zixyer at 7:41 PM on October 1, 2006


Sorry, I know this isn't an answer to your question, but I can't keep myself from adding: if you're trying to hide the location because the site contains other PDFs with confidential information, you should know that hiding the URLs is not a good approach to security. But I'm sure you're already aware of this.
posted by zixyer at 7:45 PM on October 1, 2006


Best answer: I agree with zixyer that any reasonably intelligent person can figure out the full path to a document fairly easily. Right click + "Copy URL".

You can do what you want programmatically by tagging each document with a unique ID (unrelated to anything about the doc) in a database table, then streaming out the relevant file based on the requested ID.
posted by mkultra at 7:57 PM on October 1, 2006


Response by poster: That's what I love about this place: fast, helpful answers.

Yes, the frameset approach, while imperfect, is something I can do. (mkultra, I'll keep your method in mind once I get more experience working with databases in a web environment.)

I know that URLs can be traced in a variety of ways, and that the chromeless windows and JavaScript right-click disabling we're using won't stop everyone. We're just trying to minimize what our mostly naive user base could do. The other information isn't confidential, just things we'd prefer that people don't poke around in much.
posted by rosemere at 8:17 PM on October 1, 2006


The other information isn't confidential, just things we'd prefer that people don't poke around in much.

Why not implement a couple of simple .htaccess rules to limit people's ability to poke around? (disable directory listing, maybe hotlinking too)
posted by misterbrandt at 8:41 PM on October 1, 2006


Response by poster: My friend's using IIS, not Apache, but has already disabled directory listing. We'll look at hotlinking safeguards for IIS as well. Thanks!
posted by rosemere at 10:27 PM on October 1, 2006


This how-to for PHP popped up on Digg today.
posted by mkultra at 9:52 AM on October 2, 2006


« Older If you pick up a piece of trash and put it back...   |   What happens to the Library of Congress when the... Newer »
This thread is closed to new comments.


Tags

Share