Page 1 of 1

PDF's and behind the scenes passwords... should be tricky.

Posted: Fri Feb 15, 2008 2:48 pm
by greener
This is for http://www.cougarnotes.com

My website is designed to serve up PDF's to members with the right access. I have already programmed the PDF's to be served up from behind an htaccess so that PDF's can only be viewed while logged in with the appropriate access.

I want users to only be able to view PDF's while logged in or to be able to print them. I don't want them to be able to download them.

My Idea:
Can you open a password protected PDF with a password that is entered 'behind the scenes' either on the server side or in the users browser via javascript. This way the user never sees the password and if they do download the PDF's they won't be able to open them.

Re: PDF's and behind the scenes passwords... should be tricky.

Posted: Fri Feb 15, 2008 7:16 pm
by Christopher
I don't think you can do that, but there are many options available for PDF -- check the Adobe site.

Re: PDF's and behind the scenes passwords... should be tricky.

Posted: Fri Feb 15, 2008 7:49 pm
by Chris Corbyn
That wouldn't really be possible no. You could experiment with multipart/x-mixed-replace content-types and see if it's possible to push a new "corrupt" version down to replace the working version. In theory, the browser should only "display" the version it can actually display.

Code: Select all

<?php
 
header("Content-Type: multipart/x-mixed-replace; boundary=\"_=_foo_=_\"");
header("Content-Transfer-Encoding: 7bit");
 
/* The next parts send headers for nested content... in theory the browser displays each
 part until it hits one it can't display */
 
?>
--_=_foo_=_
Content-Type: application/pdf; filename="pdf.pdf"
Content-Transfer-Encoding: base64
Content-Disposition: inline

<?php

echo chunk_split(base64_encode(file_get_contents($the_real_pdf)));
 
?>
 
--_=_foo_=_
Content-Type: application/pdf; filename=pdf.pdf
Content-Transfer-Encoding: base64
Content-Disposition: inline
 
... some corrupt data ...
 
--_=_foo_=_--
 
Even if that worked, a programmer would be able to get the PDF data by viewing the source and base64_decode()'ing it.

multipart/x-mixed-replace is good fun to play with in any case. I'm releasing a library soon which will offer MIME support of HTTP to do those embedded downloads like sourceforge do using multipart content types.