homepage Welcome to WebmasterWorld Guest from 54.227.146.68
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / Ecommerce
Forum Library, Charter, Moderators: buckworks

Ecommerce Forum

    
PDF Document Protection
What are you using and why?
pageoneresults




msg:3315588
 10:46 am on Apr 19, 2007 (gmt 0)

Let's say I have a few PDF documents that I want to allow users to purchase. I don't have the budget nor do I have the time to implement a full blown DRM (Digital Rights Management) solution. I see that Adobe offer methods to protect documents but I can't locate any publicly available pricing model on that. I've also seen a few others on the first page of results for pdf protection. The Lizard is a bit pricey for our application.

I have users who will be making a one time purchase of my manual. I don't want that manual being sent to anyone else. I only want to allow a specific number of print(s), etc.

Anyone out there working in a pdf environment and doing DRM on a basic level? If so, care to share your wisdom with those not as wise? ;)

 

pageoneresults




msg:3321293
 2:42 pm on Apr 25, 2007 (gmt 0)

Shameless bump! Anyone out there working with pdfs from a digital rights management perspective? What's the best way to protect your pdf from being copied, shared, etc?

Pibs




msg:3332800
 9:18 am on May 7, 2007 (gmt 0)

I'd suggest that instead of pdf you try an ebook html compiler.

Avoid the one from antsoft, made my firewall jump repeatedly, attempting both uploads and downloads unexpectedly - there's plenty of others to choose from. Just this morning I was browsing and found what looks like a useful one for about $30. If you want really solid copy protection expect to pay closer to $100.

Alternatively get a cheaper one then a robust copy protection compiler which can be used for any future products and should, if you sniff around, have a "module" or 2 that you can give to some of the bigger payment processors such as regnow or shareit, for automated sales.

I use .NET Reactor for hardware locking and customers can buy the key instantly from shareit - but at nearly $200 that may be more than you were expecting. That is also designed for trial period stuff of course, which may not apply for a book (depends on the book).

But there are few means of truly securing a pdf.

P.

pageoneresults




msg:3342216
 5:08 pm on May 17, 2007 (gmt 0)

Ah, the compiler is an option.

I'm also looking at Adobe Document Center. Don't know why I didn't dig deeper into this one...

The AdobeŽ Document Center is a web-based application for controlling and tracking documents. Subscribers can control access and availability of documents through security policies managed by Adobe LiveCycleŽ Policy Server.

Policies solve the challenges of sharing files that are time-and version-sensitive and for content directed to a limited audience. As a subscriber, you decide who has access to your files and for how long, and whether recipients can copy, print, and add information. You can also track usage activity on files and revoke access to files when they are obsolete.

The most significant difference between the Document Center and password- or certificate-based security measures is that policies offer persistent protection. Any changes you make in the Document Center are updated in distributed files.

I do believe this is going to give my customer the ability to do "everything" they wanted to do with their document library. And I do mean everything. ;)

https://dc.adobe.com/

numnutz




msg:3343806
 10:27 am on May 19, 2007 (gmt 0)

I suggest if you can use PHP and the PDF plugin routines you could print the customers name within the document on the fly before the download - say on the footer "purchased from yourstore by John Doe" and also perhaps within the body of the text somewhere.

It could be edited out by someone with PDF knowledge of course but It may deter someone from giving away copies. Of course if they do you will know "who dun it"

nn :)

vincevincevince




msg:3343829
 11:37 am on May 19, 2007 (gmt 0)

numnutz has the best idea so far I think, and it will work well with non-Adobe PDF readers, of which there are many. After all, even with the best copy protection it is still possible to use a photocopier on the authorised printout... or screenshots and OCR if there's no printing available.

dannyboy




msg:3350380
 3:19 am on May 26, 2007 (gmt 0)

Look up Access PDF.

It's a free module which can be compiled on many different platforms.

It has a command line interface that can manipulate PDF's in many ways. It can add a user password, that will prevent anyone from opening it that doesn't know it.

If you know a bit about programming you can use something such as PHP's exec/passthru functions to init the pdftk executable that can genenerate/modify/passport-protect a source pdf on your server in a variety of ways.

[edited by: lorax at 3:00 pm (utc) on May 30, 2007]
[edit reason] no URLs please [/edit]

pageoneresults




msg:3372806
 11:41 pm on Jun 19, 2007 (gmt 0)

Okay, we signed up for Adobe Document Center, did an intial tour of the features and the solution fits our needs. Problem is, there is zero support for this "new product", none, nada.

So, we were forced to look at other solutions attempting to stay within a tight budget while we prepare a full scale DRM solution.

I finally got the client to implement some of Adobe's default protection measures (Adobe Acrobat) like the preventing of printing, selecting and copying, etc. I do realize there are programs out there that are designed to crack Adobe's basic methods but that's something we'll address when it arises.

So, we've got the pdf document squared away. Now, how do we serve that document and obfuscate the URI reference? Hmmm. Tick, tock, tick, tock... Oh, we're on Windows too, tick, tock, tick, tock. And, how do we make that document available only to users once they are logged in? Tick, tock, tick, tock...

Got it!

<%
if session("loginid") = "" then response.redirect "https://www.example.com/login/"

Const adTypeBinary = 1
Dim sPath
Dim sFile

sPath = "C:\temp\pdf\"
sFile = "example.pdf"

Response.ContentType = "application/pdf"
Response.AddHeader "Content-Disposition","filename=" & sFile

Set oStream = Server.CreateObject("ADODB.Stream")
oStream.Open
oStream.Type = adTypeBinary
oStream.LoadFromFile sPath & sFile

Response.BinaryWrite oStream.Read

oStream.Close
Set objStream = Nothing
%>

Drop the pdf at C:\temp\pdf\. Send the user through the above script and viola, you've provided an above average level of protection for your pdf document(s). My programmer tells me that this also works with .doc, .xls, etc. This is the key...

Response.ContentType = "application/pdf"

Something to do with "reading a binary file, then output to the buffer of the web browser as a pdf through the Response.ContentType.

Don't you just love challenges? Man, this was driving me crazy. It seemed so simple but we just couldn't piece it all together until the above script came into play. This is what happens when you brainstorm and everyone is Googling it. Finding the right search term(s) to uncover the solution(s) was a task in itself.

P.S. We needed to provide temporary access to document(s) that were already being sent in hard copy format via USPS. So the above worked out to be a great "simple" solution for our current pdf woes.

This is a "very basic" level of protection. I'm sure there are more efficient ways to do this but we had to work with the knowledge and tools available.

Mint Choc Chip




msg:3373141
 6:27 am on Jun 20, 2007 (gmt 0)

Clicklocker and CB Protect's Virtual Vault both claim to offer protection for pdf files too.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / WebmasterWorld / Ecommerce
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved