Export Field Contents and Automatically Open

[Matt Klein]

Hi All -

 

Looking for some direction here.  I'd like to use WebDirect to act as a secure delivery mechanism for PDFs stored in container fields.   I set the FileMaker Database server to require secure connections so data passing between the server and the browser is encrypted. 

 

My first thought was to simply put the container field on a layout and set it to be interactive and load automatically.  I quickly found that, unless I had "Enable progressive downloading" on in the Database Server,  the content would NOT show in the field.  Instead it just showed the PDF icon and file name.

 

The problem with having "Enable progressive downloading" enabled is that the content is sent the browser using HTTP which is not secure.

 

My next thought was to Export Field Contents and open the file automatically.   I'm getting a fast education on WebDirect.   In getting ready to test the Export Field Contents I found that WebDirect doesn't support the "Specify Output File" feature which is where the "Automatically open file" feature lives.

 

Does anyone know how I can open the file automatically after exporting it OR another way to open a PDF stored in a container field via WebDirect?  

[Steven H. Blackwell]

I don't think you're going to make a lot of progress here.  The automatic opening of downloaded files is a browser-based option.  I would consider carefully whether to not to employ it, inasmuch as it could be turned into an attack vector to place malware onto a user's computer.

 

The relationship between the various components of FileMaker Server 13 are somewhat complex when dealing with encryption. Connections between WebDirect and browsers occur over https in all circumstances.  Connections between FileMaker Server's database server and the Web Publishing Engine are encrypted provided Administrators select that option in the Admin Console. The WPE is a client just as is FileMaker Pro or FileMaker GO.

 

Steven

[Matt Klein]

Stephen -

 

I appreciate your response.  Thank you.

 

I now agree that auto opening downloaded files is not a good idea given that it would be a browser setting and would apply to all files the users download, not just those files associated with my WebDirect app.

 

The rest of your e-mail may have supplied me with some clarity regarding which connections are secure/encrypted.  Just to be sure....if I read it correctly,  what you are saying is that ALL data sent from Web Direct to the browser is encrypted using SSL/HTTPS and that is not a setting that can be modified.   This includes PDFs in interactive container fields even though in order to make it interactive we must select "Allow progressive downloading" in order to have that interactive container show the PDF in the browser and even though the note on the Security tab in the Database Server setup states that progressive downloading uses unencrypted HTTP.   Sorry for the run on sentence. 

 

So, with "Allow progressive downloading" on,  the PDF stored in the container is sent to the Web Publishing Engine and then on to WebDirect using unencrypted HTTP, but  WebDirect sends that same PDF on to the browser via SSL/HTTPS.   So,  as long as the WebDirect server is on your LAN and behind a firewall,  the presentation/sending of that PDF in the interactive container field in the browser via WebDirect is fully secure.  

 

Is that correct?

[Steven H. Blackwell]

 

So, with "Allow progressive downloading" on,  the PDF stored in the container is sent to the Web Publishing Engine and then on to WebDirect using unencrypted HTTP, but  WebDirect sends that same PDF on to the browser via SSL/HTTPS. 

 

That is a very good question, and it presents a nuance about which I am not 100% certain.  Let me see what I can find out about this.  FMI may be closed today, but I will endeavor to get some definitive answer to this as soon as possible.

 

Steven

[Matt Klein]

That is a very good question, and it presents a nuance about which I am not 100% certain.  Let me see what I can find out about this.  FMI may be closed today, but I will endeavor to get some definitive answer to this as soon as possible.

 

Thank you, Steven.    I look forward to your findings.

 

It might also be interesting to know why WebDirect requires progressive downloading to show interactive content in containers while FileMaker Pro does not.

[Wim Decorte]

 

 

It might also be interesting to know why WebDirect requires progressive downloading to show interactive content in containers while FileMaker Pro does not.

 

That could be a design decision to increase the "responsiveness" of a webd session.  Without progressive downloading, the user has to wait for all of the container content to be downloaded from the server before the user can interact with it.  Whereas with progressive the user can interact with the content (watch video, leaf through PDF) while the download is still happening.

Given that webd connections are always going to be slower than a FMP-FMS connection that seems to be a reasonable design decision.

[Steven H. Blackwell]

I have initiated an inquiry about this item.  Nothing to report yet; however, I will report back when I learn anything more.

 

Steven

[Matt Klein]

Given that webd connections are always going to be slower than a FMP-FMS connection that seems to be a reasonable design decision.

 

I don't disagree at all.  Performance is important, but so is security in some cases.  If Steven finds out that interactive content is sent to the browser from WebDirect using HTTP instead of HTTPS,  then it would be nice to have the option to turn progressive downloading off to maintain the HTTPS connectivity.

 

We are used to giving up things in the name of security.   Telling a client that they have to wait until the document is completely downloaded before interacting with it for the sake of security would not be a problem IMHO.

 

I'm hoping that Steven finds that the interactive content is sent from WebDirect to the browser using HTTPS.

[Steven H. Blackwell]

Here is the information I have discovered.

 

The files are not transmitted via HTTPS between WebDirect and the user's browser.  The behavior is the same as with FileMaker Pro client.

 

Perhaps one day this behavior will change.  But that's the way it is for now.

 

Steven

[Matt Klein]

The files are not transmitted via HTTPS between WebDirect and the user's browser.

 

That's what I was afraid of.   

 

If I could just bother you for one more bit of confirmation......if "Allow progressive downloading" is marked,  then the interactive container data is sent from WebDirect to the browser using unencrypted/secure HTTP, but if "Allow progressive downloading" is NOT marked and "Require secure connections" IS marked, then the container data is sent from WebDirect to the browser using encrypted/secure HTTPS.    It just wouldn't be interactive.    Is that correct?

 

If so,  then using the Export Field Contents script step to allow the user to save the PDF in the container to their computer would be a secure way to deliver PDFs to a WebDirect user.   Is that correct?

[LaRetta]

Hey everyone, is there any way in newer versions of FM to preview and save a PDF stored in a container from Web Direct?  I can Export Field Contents to temp directory and automatically open and it works fine on desktop but Web Direct only allows me to save it (ADDED: but not preview it).  I'd like the option of Preview without having to worry about a User's browser settings.

Matt Klein said, "If I could just bother you for one more bit of confirmation......if "Allow progressive downloading" is marked,  then the interactive container data is sent from WebDirect to the browser using unencrypted/secure HTTP, but if "Allow progressive downloading" is NOT marked and "Require secure connections" IS marked, then the container data is sent from WebDirect to the browser using encrypted/secure HTTPS.    It just wouldn't be interactive.    Is that correct?

We have SSL checked but not Allow Progressive Downloading since it is not secure (from what Steven Blackwell and Wim says).  Is that still true today?  This post is from 2014.

Edited June 30, 2018 by LaRetta