[Zope] Re: Blocking download of files

Martijn Pieters mj@digicool.com
Sun, 27 Feb 2000 01:39:33 -0500


From: Juri Jensen [mailto:juri@jones.dk]
> No, actually it's for an Intranet product, where I have to keep the
> PDF-files as safe as possible. I know I can't keep people from snooping
> in their cache, but if I can disable saving and printing in the PDF-file,
> and keep users from downloading the file directly, I'm closer to what I
> need. But maybe it's getting too complicated for something that's not
> completely secure....?

- As stated, viewing a PDF from a server is the same as downloading it.
It just differs in where the browser stores the file.
- Disabling saving and printing is only a slight nuisance to someone
determined to steal the data. Printing can be circumvented with some
creative screengrabbing or custom PDF parsers, and as for saving, you
already downloaded a copy, so there is no need to save again.
- Security by obscurity never works. Again, if someone wants to steal
it, they'll be determined enough to find out how.

If your data needs to be this secure, don't use computers, go the
old-fashioned paper way. As soon as you go the intranet way, your data
is available to the user. Even custom clients cannot block
screengrabbing. The weakest point in the chain is the user; you would do
better spending the time on screening and a good non-disclosure
agreement.

-- 
Martijn Pieters, Software Engineer 
| Digital Creations http://www.digicool.com 
| Creators of Zope      http://www.zope.org 
| mailto:mj@digicool.com       ICQ: 4532236
| PGP: http://wwwkeys.nl.pgp.net:11371/pks/lookup?op=get&search=0xA8A32149
-------------------------------------------