From Drumlin Security Wiki

There are several different approaches to accessing Webdoxx HTML5 format documents (converted PDF, PPT or ePUB files). These are outlined below. The various options can be implemented separately or in combination, depending on requirements, content security issues, practicality etc.

Direct Link access

This is the standard mode of access. The publisher provides a link to an index page for the target document (i.e., a specific URL for that document), so the user accesses the document directly when they select the link. Target index pages are usually set to require a login in order to view the document, assuming access controls are in place and the individual is not already logged in. This is the simplest and most widely used access method for webdoxx services. The link can be provided to the user in an email or other media, or as a hyperlink (text and/or image) on a web page, whether that be a conventional web page, an ecommerce service or a specialized learning platform such as Moodle. Note that it is possible, though not generally desirable, to include a login username and password in the command line (URL) to provide auto-login.

IP address access

For larger organizations, such as hospitals, universities, government departments, corporate HQs etc., an IP address or block of IP addresses can be used to determine the source of the connection, and a direct link with auto-login can be enabled. Note that whilst this retains security via login access control (invisibly), it does not pass the individual end user's details to the webdoxx server, only the user associated with the IP address block. This facility is standard on the shared service on www.webdoxx.com.
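
The sketch below illustrates the mapping described above: a connecting address is matched against registered blocks and resolved to the single shared account for that block, which is why the server sees only that account and not the individual. It is an added example, not Webdoxx code; the table, account names and function name are hypothetical, and the ranges are documentation addresses.

```python
import ipaddress
from typing import Optional

# Constructed sample table: CIDR block -> shared account (hypothetical names).
# Ranges are RFC 5737 / RFC 3849 documentation addresses.
IP_BLOCK_ACCOUNTS = {
    "192.0.2.0/24": "university-library",
    "192.0.2.128/25": "university-medical-school",
    "198.51.100.17/32": "hospital-reading-room",
    "2001:db8:40::/48": "government-dept",
}

# Parse once at start-up so a typo in the table fails loudly, not per request.
_BLOCKS = [(ipaddress.ip_network(cidr, strict=True), account)
           for cidr, account in IP_BLOCK_ACCOUNTS.items()]


def account_for_ip(remote_addr: str) -> Optional[str]:
    """Return the shared account for the connecting address, or None.

    Assumption: remote_addr is the peer address the server itself observed.
    None means no auto-login; the caller shows the normal login page.
    """
    try:
        addr = ipaddress.ip_address(remote_addr.strip())
    except ValueError:
        return None  # malformed input (or a header-style list) never matches

    # Dual-stack listeners report IPv4 clients as ::ffff:a.b.c.d; unwrap them.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped

    # Longest-prefix match so a more specific block overrides a broader one.
    best = None
    for network, account in _BLOCKS:
        if addr.version == network.version and addr in network:
            if best is None or network.prefixlen > best[0].prefixlen:
                best = (network, account)
    return best[1] if best else None
```

Because every user behind a block resolves to the same account, per-person audit trails have to come from the organization's own network records rather than from the document server.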

iframe access

Access to an external website can be made using an iframe with no login. The target URL is thus hidden from the end user and the service appears to be running on the source website (embedded). This is the approach that a very large educational publisher has adopted with 1000s of titles, and it works very well: in their case the customers access the publisher's portal and from there have access to the materials provided. This is a very simple, clean solution, but it requires that the access details (target URLs) are hidden on the site (see also Pop-up access, below).

Local hosted access

It is possible for complete filesets to be provided to selected customers to host locally on their servers. In this case the end user organization would be responsible for controlling access to the materials provided. A webdoxx fileset is a set of files and folders, together with an index page (e.g., index.html or index.php) that provides the viewer software for the converted PDF or other format document. For a PDF document with N pages the converted fileset is provided as a zip file that usually contains at least 3N files and N folders. Poorly structured PDF files (e.g., where the images used are encoded as large numbers of separate fractured elements) may result in larger numbers of files.

Pop-up access

Where iframe access is preferred from a source website, and login security is also needed (manual or auto-login), the approach may fail owing to recent changes to the way browsers handle cross-domain security. In this case an alternative is to use a pop-up window, as shown below.

Sample pop-up facility code

<script>
// Open the target document in a separate pop-up window instead of an iframe.
function openwindow() {
  window.open("URL OF TARGET", "myWindow",
              "menubar=0,status=0,scrollbars=1,resizable=1,height=1000");
}
</script>

Please click <a href="javascript: openwindow()">HERE</a>