It’s easy, really.
First, I put them in a directory where the public does not have access.
For example, try to go to http://www.abouthomes.info/rr/reports/2007
You have no access yet that’s where I store all reports.
Now click on this link: http://www.abouthomes.info/rr/reports/2007/007-0821-NACHI.pdf
You have access to that even though it is in a directory to which you do not have access.
Now just for fun, try to go to
http://www.abouthomes.info
http://www.abouthomes.info/rr
or
http://www.abouthomes.info/rr/reports
The only one you have access to is the home page.
Now once you have the directory structure established, create a file-naming convention that no one can guess so that you can store all reports in the same directory. Here’s the one I created using as an example the file for the inspection that I did for Sir Paul McCartney yesterday:
007-1012-0848-spm.pdf
It’s not a real file. Hopefully everyone realizes this although I’m sure there are about four people who don’t. Onwards…
I’ll break down the file name for you:
007 = year that the inspection was done using just the last three digits
1012 = month and day that the inspection was done
0848 = consecutive number for the year, allowing me to do up to 9,999 inspections annually before I have to modify the file-naming convention. I did that when my goal was for each of my nine inspectors to do 1,000 inspections annually and 999 left over for part-time help during high-demand periods.
spc = initials of Client.
Now even if you know the file-naming convention, you can’t guess the file name of any otehr inspections because you don’t know the initials of my Clients.
But what if the same Client wants another inspection next year on the exact same day? The year changes.
What if the same Client wants another inspection later this year? The month and day change.
And in both cases, the consecutive number would probably change as well.
With such a file-naming convention, I have never password-protected my reports for Clients, only secured them against alteration. I always thought that password-protecting them with a password of my choosing was inconvenient to my Clients, especially since they wouldn’t have the opportunity to change the password.
I’m not sure I understand what you mean by “denied access to the system” but, yes, you do know the current answer to the question about the e-newsletter. That doesn’t mean that I don’t continue to bop Nick, Dee, and Chris about it. As my wise old grandmother said, “Bop 'em 'til they drop! (or at least until they give in just to get you to go away).”