sophie_newbie wrote: > Hi, > > I'm writing a cgi application in Python that generates a PDF file for > the user and then allows them to download that file. Currently I'm > just writing the PDF file to the 'htdocs' directory and giving the > user a link to this file to download it. But the problem is that > another user could simply come along and download a file that isn't > their file by typing the address into the address bar. I don't want to > delete the file after it is downloaded either because I'd like the > user to be able to download it again if necessary. Is there any way > around this problem?
If the user needs to be authenticated, yes. Just encode the username in the pdf-name (on the FS that is, what name you give the downloaded file is unrelated). Then just allow to download the pdf by a user with the right name. Diez -- http://mail.python.org/mailman/listinfo/python-list
