0

I am making an app that allows the user to navigate through a series of selections and then directs them to a PDF which is stored on a website that I have.

I only want the PDF's to be viewable from within my app and not just from a random person with the URL. I was thinking I would put a password on the website and then the app would somehow pass the password to the website to enable the download, (the pdf's themselves would not have a password).

How do I have the app submit the password for my website automatically? And how do I download and then display the PDF? I know how to display a PDF that is part of the application bundle but I am new to networking/downloads. I would like the app to save the PDF locally once it has been viewed.

Is there a way to make the website only work for someone on a mobile device?

Thanks in advance

Ben
  • 589
  • 7
  • 19
  • I'll ask the required question first: what have you tried? There are many ways to skin this cat. Using a basic HTML auth for this is insecure so depending on the sensitivity of your PDFs it's a very bad idea. I would recommend putting forth some effort (or showing what you've done) to avoid getting downvoted on this. – Dan Jul 22 '13 at 15:52
  • right now the application has the ability to go to a URL and display a PDF in a UIWebView. So it will go to `www.example.com/file.pdf` and display that. I am not sure what the best way to go about saving this locally is. The actual URL will be obfuscated and the data is not highly sensitive... just not something I want random people accessing. I don't have much web experience, and I feel that there should be a way to determine if a person coming to my site is on iOS...And there should be a way to prevent access from non-iOS traffic. I understand it can be spoofed, but I think it is enough – Ben Jul 22 '13 at 16:07

1 Answers1

1

On your backend web server you need to explore Mobile Device Detection. I recommend this link What is the best way to detect a mobile device in jQuery?.

Regarding your app it sounds like you semi-care who sees the PDF so using HTTP POST would probably work for sending up a password. If the password is static and never changes then hardcode it into the code. This methodology is very simple but also very static, very sniffable and very 1995-ish.

As you said you're comfortable accepting the risk of your PDF being opened by someone sniffing the password out of some network traffic because if you really care about who sees the PDF you would have your server using an SSL cert and require the end-user to enter the password at least once as well as store it in the app's keychain. That way you could care less about their platform (iOS, Android, etc) and really only care if the user you're interrogating is authentic or not.

Just my two cents. Good luck.

Community
  • 1
  • 1
Dan
  • 4,925
  • 4
  • 29
  • 41