PDF Security Questions 1

[simonchristieis]

I have several pdf documents that I would like to distribute on the internet, however, I dont want these files to be copied and redistributed.

I have searched for info on pdf security, and the concensus of opinion is that any security cannot be 100%, I realise that anyone with the time could hack whatever I chose to do.

But for the average user this would be beyond them.

My questions are.

What security options do adobe provide and are they any good?

Has anyone managed to programmatically secure a pdf document.

What problems have people come across while trying to solve this problem.

Thanks in advance

Simon

 

[tgreer]

The security options concern printing and editing, not distributing. Anyone who can SEE it, HAS it. Anyone who has it can redistribute it.

Thomas D. Greer

http://www.tgreer.com

Providing PostScript & PDF
Training, Development & Consulting

 

[simonchristieis]

Thank you for your reply.

Is there a way that the javascript events within the pdf file could be used as part of a security system?

Perhaps I could call a web service from within the pdf file to clarify ownership?

Any ideas on this?

Thanks in advance

Simon Christie

 

[tgreer]

Interesting ideas... but you'd be relying on the user only using Reader then, for PDF viewing/processing. Such is not universally the case.

You might investigate DRM. For example, search PDFzone for "DRM".

Thomas D. Greer

http://www.tgreer.com

Providing PostScript & PDF
Training, Development & Consulting

 

[simonchristieis]

Thanks for your help, it seems the issues are bigger than first imagined.

I think there is a feasable way of securing the document to some extent, but as I knew when I started, I cannot beat a serious cracker who has time to hack my documents.

This is certainly an issue that needs to be taken seriously by os / document creation software manufacturers.

I still believe I have a way of stopping somebody simply cutting and pasting the document, and am looking from a point that most of my clients would not have the knowledge / inclination to go further than that.

At least, any security is better than what we have now ie. none.

Thanks for your help.(A star for you)

Any more pointers?

Simon

 

[tgreer]

You have to consider what you mean by "user".

If you refer to a specific individual human, you face issues of them being "allowed" to transport the PDF to all of their various machines/devices.

If you mean a specific version/instance/install of a software program, what to do if they reinstall?

Maybe you mean "machine"... then you can do things with certificates.

The "eBook" market has dealt with some of these issues... namely, you can only read the content with specific software, that software has to be installed on a specific machine and registered to a specific user. Only the exact combination of all of the above enables the content.

And people for the most part loathe it!

So most security issues really boil down to: what is the worst that can really happen if people do what I don't want them to do? What do I lose? Is it worth investing/insuring against those losses?

If not... then drop the security altogether.



Thomas D. Greer

http://www.tgreer.com

Providing PostScript & PDF
Training, Development & Consulting