Geek Answers Handbook

Save As Prevention in Adobe PDF

We have a requirement to prevent the storage of additional copies of PDF files that exist on a network drive. Currently, we have “blocked” PDF files as tightly as the format allows, which means that they mainly copy / paste, edit and print. However, the client requires that no one can create an additional copy of the PDF after opening.

Using your own PDF, this is not possible, because firstly, they can always click the link in the browser and "Save As ..." on their desktop. Alternatively, they can click "Save As ..." inside Acrobat Reader, and there is no way (without a hacker) to disable this. In addition, even if we hack Acrobat Viewer, there is always a chance that they will be able to view and re-save the PDF in another third-party view.

There are a few initial alternatives that come to mind:

  • Use a DRM provider to block access to files - this is not an option due to expense

  • Create a web service that converts files to TIFF and then encrypts them with a "secret" key and serves them as ".abc" files. Create a special file viewer ".abc" that works only inside the client’s network and opens this file and decrypts it. Without a custom viewer, they cannot view files. They can copy them, but if the viewer is locked on his own machine or needs to work on the corporate network (for example, checks the secret key from the web service before launching), any copies that they make will not be open, state.

  • Create a Flash or Silverlight viewer that essentially does the same thing as above, but never saves the file on a PC - it just displays it in a browser.

Does anyone have other alternatives that could be simpler? The goal is not to have 100% protection against bombs, just so that employees cannot easily copy them by sending these copies by email to competitors, friends or other people who should not have access to these confidential files.

+4
source share
4 answers

The only option you mentioned that has at least some ability to work (and not too expensive to implement) is a user reader.

The reader application should never store any “secret” information (for example, keys), and it can only be used internally by accessing key and image data through a private web service. You have already noticed this.

It also should not store files at all; but just load the key and data into memory, decrypt the image, and then view it.

The "hard" part is data transformation. The rest is pretty simple stuff, for the most part.

The caveat here is that it will be easy for the user to print the screen and save the image.

Ultimately, the only truly secure method that allows them to see documents, but not save them, is to completely prevent them from viewing documents in a system to which they have physical or shared access to the network.

+3
source

Well, can't they get the information on the print screen? And in the end, the user can always simply rewrite it manually. Security is really only about raising the bar, making it too tedious or too time-consuming to steal information.

I would say that method 2 is very complicated and will consume a lot of your time, although it is still vulnerable to screen printing. I would do number 3 where you can reuse a lot of existing code and get a similar level of security.

+2
source

It is not possible to fully protect your limitations. If the data is valuable enough, people will find ways. The most primitive is to manually copy it, the step above is to take a picture (cell phone) on each page, the step above which would be a print screen, the step above which is one macro on the screen that saves all pages to a folder, the step above to read her from memory.

However, if your goal is simply "good enough" security (realizing that you can defeat it, but most users will not want to do this) will be a "client reader". This can be done via flash or silverlight. This can even be done using the stand-alone winform application.

There are libraries for displaying pdf. You can simply "wrap" the pdf file at the encryption level, give it a unique extension (pdx) and decrypt your "user player" and display the pdf. Given that you are implementing the PDF library, you can precisely control which options are available. You should also learn methods to make the print screen more complex as you simply move the attack vector to the next print screen. A.

+1
source

You can disable the print screen key using a script or group policy.

An example was copied below here .

Windows shell script

# =============================================================================# #* THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF *# #* ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED *# #* TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A *# #* PARTICULAR PURPOSE. *# # =============================================================================# [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Keyboard Layout] "Scancode Map"=hex:00,00,00,00,00,00,00,00,04,00,00,00,2a,e0,37,e0,00,00,37,e0,00,00,54,00,00,00,00,00 # ****************************************************************************** # The sample scripts are not supported under any Microsoft # standard support program or service. The sample scripts # are provided AS IS without warranty of any kind. Microsoft # further disclaims all implied warranties including, without # limitation, any implied warranties of merchantability or of # fitness for a particular purpose. The entire risk arising out # of the use or performance of the sample scripts and documentation # remains with you. In no event shall Microsoft, its authors, or # anyone else involved in the creation, production, or delivery of # the scripts be liable for any damages whatsoever (including, without # limitation, damages for loss of business profits, business # interruption, loss of business information, or other pecuniary loss) # arising out of the use of or inability to use the sample scripts or # documentation, even if Microsoft has been advised of the possibility # of such damages. # ******************************************************************************
-1
source

More articles:


All Articles