App-level security and downloadable files

geektron has asked for the wisdom of the Perl Monks concerning the following question:

This might be off-topic ... it's a rather strange issue.

One of the apps here at work is a small 'document management' system (for lack of a better term). It allows users to search through archives of journal articles and get PDFs and .txt documents. The default behaviour is 'view' ... clicking on the link provided by the application allows the user to view the file in question.

Some have been trying to download/save that file with a right-click and 'save as ...' command. Not an issue to the client, except for the fact that the link target is essentially:
myapp.cgi.html
on right-click. The link is actually internal to the app to make sure that the user is logged in (has a valid session cookie).

Is there any good, "quick" way around this? I don't want to be cheesy and use the stupid javascript 'disable right-click' BS.

Is there some way to modify the app so that right-clicks work as expected? (viz - the filename appears in the dialog box for 'save', not the link to the app)

Comment on App-level security and downloadable files Download Code

Replies are listed 'Best First'.
•Re: App-level security and downloadable files by merlyn (Sage) on Mar 23, 2004 at 18:52 UTC
In a column of mine from a few years ago, I talk about a portable way to generate distinct download filenames by using an ignored PATH_INFO section of the CGI's URL. That should solve your problem. -- Randal L. Schwartz, Perl hacker Be sure to read my standard disclaimer if this is a reply.	[reply]
[Re:^2] App-level security and downloadable files by geektron (Curate) on Mar 23, 2004 at 19:28 UTC
i think i see how the base idea is adaptable. essentially tack on another param to the link ... but that doesn't fix the issue of the difference between clicking the link and trying to save the link target, and that's where i'm focused. AFAIK, the server (and the script) don't know the difference between script invocation for display and script invocation for saving. I still want the end-user to be able to just view the files, not force them to save it (as a tar file or whatever) when they click (not right-click) the link.	[reply]
•Re: [Re:^2] App-level security and downloadable files by merlyn (Sage) on Mar 23, 2004 at 19:49 UTC
I think this still applies. You have `foo.html/what_I_want_to_be_saved_as.pdf`, and `bar.html/what_else_I_should_be_called.pdf`. If they click on it, they see it. If they click to save it, it's saved under the unique name. -- Randal L. Schwartz, Perl hacker Be sure to read my standard disclaimer if this is a reply.	[reply]