Reputation: 59213
How do you display a PDF online without worrying about it being shared without permission?
The company I work for sells medical statistics reports. Currently these reports are purchased through our website and then the healthcare provider receives a link to a PDF report. This link points to a web service that verifies the purchase and dumps a PDF into the response stream. Our web application is written in ASP.NET C#.
Up until the point of download this process is pretty secure, but nothing stops the providers from sharing these reports with others. Since our reports are primarily viewed on the PC anyway we are looking at options to do a web-only view of these PDFs that would prevent customers from being able to download the reports at all. They would log into their account and view the reports online.
What is the best way to go about doing this? What sort of viewer could we use that would enable the end user to see the PDF but not be able to download it? Flash comes to mind but we want these reports viewable on iPad because a lot healthcare providers are rapidly adopting iPads.
Update:
After some awesome feedback from you guys I have decided this is not an easy venture. My co-workers have been reading your responses and discussing them. I think we agree that we need to make it more painful to share these reports since we can hardly make it impossible. Password protecting them with the password they use to login to our site seems like a good option.
There is a reason they are sharing the PDF and not sharing their account information where their "friend" could login and download all the reports they want. So perhaps sharing a PDF that is locked with the same password they use to login to our service would be enough to deter them.
That, combined with watermarks to identify the customer when it does happen to get back to us seems like the only real options we have available.
Thanks everyone.
Upvotes: 2
Views: 2958
Answers (6)
Reputation: 21984
Technically This is not possible. I following are the possible solutions.( almost none of them are ideal)
1- Make is password protected. (Include some kind of DRM.)
2- Add personalized watermark.
3- Convert your PDF to SWF for display (This probably is the best solution).
4- Obfuscate your pdf path using some kind of script.
I could not think of anything else. I think the solution to this problem is not found yet. I think the big publishings have some kind of monitoring company, that monitors illegal distributions. Which you can probably achieve using some scripting also.
Upvotes: 0
Reputation: 88074
Any information you deliver to the client machine, regardless of mechanism, can be shared. There is no fundamental way to stop it.
Consider this: Let's say you created some type of "viewer" application for the data/file. Let's say you have managed to make it in such a way that the only people who can run the application have paid for it. (very big assumption)
Now, the user starts the app, downloads the data and sees it on the screen. "Great!" you think. However, it's still not secure. The user can easily do a screen shot (various ways of doing this) and simply pastes that into an email and pass it on.
Point is, even if you somehow have full control of the initial distribution, you have zero control over the desktop. And the desktop is pretty powerful.
Regarding PDFs... They require a viewer. There are many different viewers and they all provide varying degrees of support for the restriction "hints" that are in PDFs. Regardless, the file delivered will be cached by the browser and pretty easily accesible.
BTW, you might investigate scribd.com They have a developer API which might help for all cases but screen shots. You might also look at Adobe Digital Editions. It is supposedly "secure" as well... whatever that means ;)
Upvotes: 1
Reputation: 46057
I'm not sure if this is possible, because the PDf is loaded into Adobe Reader/Acrobat on the client. You might take a look at Winnovative's HTML to PDF tool though - I know there are a bunch of security options you can specify.
Here's a link to Winnovative's website:
http://www.winnovative-software.com/
And here are some of the security options you can specify when creating the PDF document:
PdfConverter pdf = new PdfConverter();
pdf.PdfSecurityOptions.CanCopyContent = false;
pdf.PdfSecurityOptions.CanPrint = false;
pdf.PdfSecurityOptions.CanEditContent = false;
I'm not sure, but one of these options might disable downloading capabilities.
Upvotes: 0
Reputation: 53991
You may be interested in Adobe LiveCycle. This is one of Adobe's rights management efforts and could be what you're looking for or at least give you some ideas on how to protect your data.
http://www.adobe.com/products/livecycle/rightsmanagement/
They have an interesting PDF here about
managing sensitive data inside and outside of your firewall
.
Upvotes: 0
Reputation: 14187
The strict answer is, "you can't". Anything you display in a web browser, I can take a screenshot of. And a screenshot is only my last resort. Usually, I have much better options. If it is a regular web page, I can copy/paste the text. If it is a PDF, I can save that. If you turn the PDF into a JPG on your server and send me that, I can save the JPG. If you try Flickr's lame trick of putting a transparent image on top of the real image so I can't right click and choose "save image as", I can block your transparent image with adblock or similar plugin.
At the end of the day, the most you can do is make it more annoying for a user to do the copy than to purchase another copy legitimately.
Upvotes: 0
Reputation: 360732
By definition if a user is viewing a pdf, they've downloaded it. If you translate it to html/css, then they're downloading that and can save/print the html (and with a pdf print driver, print directly to a brand new PDF in any case, bypassing the entire "security" system).
If you want to prevent sharing of the PDFs, then password protect them. PDF supports a master password (needed to make changes) and a user password (to open it). Encode the user ID into the pdf (watermark "downloaded by user XYZ" somewhere) and slap on the master password. Then you'll be able to figure out exactly who leaked the PDF, should it get out - there'll be a nice big watermark on there going "THEY DID IT!" for you.
PDF does have options to prevent printing, screen-reading, etc... But those are only hints to the reader program. Adobe Reader honors them (of course), but any other reader on the planet is free to ignore those restrictions if it chooses to.
Upvotes: 3
Related Questions
- Can I display a PDF, but not allow linking to it in a website?
- How to display a pdf file in asp.net web-form
- How can I show a non-public PDF file in browser?
- Display PDF in Web Application
- How to show a pdf file in a web page present on remote server
- Sharing the generated pdf in asp.net
- Displaying a PDF on a website
- how to load a pdf from server as an aspx page (or loading pdf files securely)?
- Displaying a PDF Document in ASP.net page
- ASP.net: Display PDF in a asp.net web page