hibbidiji
asked on
dynamically password protect and serve an existing pdf file
I am selling access to a PDF file I would like to allow users to purchase the pdf and I would like to dynamically password protect it. I.E. When the user clicks to download it, their password will be assigned to it. Can anyone point me at a class for this?
Thanks!
Thanks!
ldbkutty
Do you want to make your PDF files to be secure ?
ASKER
yes, i would like to protect the actual pdf file itself, not just password protect the download area.
There is currently no class availible to do that, its too specific.
What is the purpose of having it password protected, perhaps we can give you an alternative.
What is the purpose of having it password protected, perhaps we can give you an alternative.
ASKER
well I dont want people to download the pdf and give it to everyone they know, or post it on a newsgroup. I also dont want to password protect it with just one password that would just as easily be distrobuted with the pdf. by password protecting dynamically, with the users email address it would make people think twice about giving it to everyone ;)
maybe there exists some commend line utility to make passwords for pdf... try to find it. if you have php exec() command available, you could do miracles then :)
You could always use encryption techniques, for instance making a hash with the user's email and password joined together then taking a substring of that, changing all the numbers to letter equivalents and reversing it or something. But you can always try the pdf utilities redlemon's talking about.
Regards,
--Zyloch
Regards,
--Zyloch
ASKER
I'm just not finding any good utilities. It looks like pdflib in php can do it, but to do it the way I need it would cost quite a bit. I'm not really seeing any free utils out there on google
This is the best i could come up with, it does what you want and is quite cheap as such things go...
http://www.sharewareriver.com/product.php?id=4557
http://www.sharewareriver.com/product.php?id=4557
on the other hand this is a php solution which may do the trick:
http://www.wazzup.co.nz/tutorials/protect_pdf/index.php
http://www.wazzup.co.nz/tutorials/protect_pdf/index.php
When you password protect a pdf file, cant you remove or change the password after you enter the current password?
ASKER
The windows app is cool but not useful because I would need to do it for each customer one by one. The wazzup.co.nz solution is not what I would want as it doesnt protect the document after the download has happened. I am begining to think I'm out of luck...
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
>> The wazzup.co.nz solution is not what I would want as it doesnt protect the document after the download has happened.
well i can understand this fully but you have to wonder, if you have paid to download something would you be that willing to give it away for free, personally i wouldn't but its very much a case of each to their own.
I dont think that there is a PHP method that can protect the file after it has been downloaded so to do this you will have to depend of an additional application to modify the pdf.
well i can understand this fully but you have to wonder, if you have paid to download something would you be that willing to give it away for free, personally i wouldn't but its very much a case of each to their own.
I dont think that there is a PHP method that can protect the file after it has been downloaded so to do this you will have to depend of an additional application to modify the pdf.
Another possible way is to do this:
1) Get a .pdf encryption program.
2) Download Perl (heh)
3) Using PHP, when a new user requests to download the file, get the user's email from the database, mix some hashes or whatever to make an unique password. Tell PHP to send an email to your account (make sure it supports POP3 like Hotpop.com).
4) Make a Perl program to automatically connect to your email and download the emails periodically. (Probably keep it running and just keep track of the time)
5) Use another Perl program to automatically format the resulting text file of emails. Find the ones that are useful using regular expressions and get the useful information. Use Perl to make a program called password.html (where the password is the unique password you got in the beginning to avoid naming conflicts) With Title as PDF Password.
6) You can probably run a PHP script to check if anything new appears in that directly refreshing itself periodically. If something new occurs, use Javascript or an ActiveX control or the such to open that file in a new browser. (or Wsh)
7) Set Macro Express to run on recognizing Window Titles (add Microsoft Internet Explorer at end if needed) and set it to PDF Password
8) Have Macro Express automatically highlight the displayed password and username (you should also send that with the PHP) Copy it, and encrypt the pdf file with the encrypter (automate the clicks and stuff)
9) Save the pdf with the name of the password to avoid naming conflicts in a new directory.
10) Have another php file check for new files in that directory. If there are some, use Macro Express to upload it to your web server.
11) Tell the user they have to wait maybe an hour or something till next upload or something. Then, they can click "See If File Has Arrived" and if the filename with the user's password exists, then download. Otherwise, return error.
Needs a lot of fine tuning, but best I could think of that isn't manual.
Regards,
--Zyloch
1) Get a .pdf encryption program.
2) Download Perl (heh)
3) Using PHP, when a new user requests to download the file, get the user's email from the database, mix some hashes or whatever to make an unique password. Tell PHP to send an email to your account (make sure it supports POP3 like Hotpop.com).
4) Make a Perl program to automatically connect to your email and download the emails periodically. (Probably keep it running and just keep track of the time)
5) Use another Perl program to automatically format the resulting text file of emails. Find the ones that are useful using regular expressions and get the useful information. Use Perl to make a program called password.html (where the password is the unique password you got in the beginning to avoid naming conflicts) With Title as PDF Password.
6) You can probably run a PHP script to check if anything new appears in that directly refreshing itself periodically. If something new occurs, use Javascript or an ActiveX control or the such to open that file in a new browser. (or Wsh)
7) Set Macro Express to run on recognizing Window Titles (add Microsoft Internet Explorer at end if needed) and set it to PDF Password
8) Have Macro Express automatically highlight the displayed password and username (you should also send that with the PHP) Copy it, and encrypt the pdf file with the encrypter (automate the clicks and stuff)
9) Save the pdf with the name of the password to avoid naming conflicts in a new directory.
10) Have another php file check for new files in that directory. If there are some, use Macro Express to upload it to your web server.
11) Tell the user they have to wait maybe an hour or something till next upload or something. Then, they can click "See If File Has Arrived" and if the filename with the user's password exists, then download. Otherwise, return error.
Needs a lot of fine tuning, but best I could think of that isn't manual.
Regards,
--Zyloch
ASKER
I think I could, if no other options are forthcoming, use the command line version of encryptpdf with php on a seperate server to actually serve the documents. If noone minds I will leave the question open a little longer in case someone has a more direct (unix only) solution
http://www.uwsg.iu.edu/usail/automation/tools.html
This site might have helpful tips on Unix automation :-)
Regards,
--Zyloch
This site might have helpful tips on Unix automation :-)
Regards,
--Zyloch
> well I dont want people to download the pdf and give it to everyone they know, or post it on a newsgroup.
Even if you figure out a way to do it, you're not going to stop this if they really want to do it
>by password protecting dynamically, with the users email address it would make people think twice about
>giving it to everyone ;)
Good thinking .. Good thing there's not any "FREE" email services (hotmail, yahoo) that stop you from opening mutiple accounts, one of which just to use for this purpose.
Otherwise one could just open up a new account, pay for the pdf, assign the soon to be dummy email account, retrieve the email verification, complete the order then never check the account again.
Even if you are successful in doing this.
1) Obtain the file
2a) print and digitize
3) distribute
or
2b) print to alternate PDF (eliminating password requirements)
3) distribute
The point I'm trying to make is that if someone wants to distribute the file bad enough they will.
Expecially if they feel they've been ripped off, or that the data contained is no different than that which could be obtained via a
structured google query.
Just my 2cents
Even if you figure out a way to do it, you're not going to stop this if they really want to do it
>by password protecting dynamically, with the users email address it would make people think twice about
>giving it to everyone ;)
Good thinking .. Good thing there's not any "FREE" email services (hotmail, yahoo) that stop you from opening mutiple accounts, one of which just to use for this purpose.
Otherwise one could just open up a new account, pay for the pdf, assign the soon to be dummy email account, retrieve the email verification, complete the order then never check the account again.
Even if you are successful in doing this.
1) Obtain the file
2a) print and digitize
3) distribute
or
2b) print to alternate PDF (eliminating password requirements)
3) distribute
The point I'm trying to make is that if someone wants to distribute the file bad enough they will.
Expecially if they feel they've been ripped off, or that the data contained is no different than that which could be obtained via a
structured google query.
Just my 2cents
True to form, everything's about distributing nowadays. Big example: Kazaa or Kazaa Lite
You're going to find cracks and serial numbers all over the Internet. There's no way to stop the people from distributing, they'll crack the program if they have to. (There are some very smart people out there, much smarter than Einstein, believe it or not.)
But if you make it as hard as possible for them to do so, they may not have the skill or just be too lazy to do it.
Regards,
--Zyloch
You're going to find cracks and serial numbers all over the Internet. There's no way to stop the people from distributing, they'll crack the program if they have to. (There are some very smart people out there, much smarter than Einstein, believe it or not.)
But if you make it as hard as possible for them to do so, they may not have the skill or just be too lazy to do it.
Regards,
--Zyloch
> But if you make it as hard as possible for them to do so, they may not have the skill or just be too lazy to do it.
;) but then again, you're also likely to attract the type of person who loves the challange..
or tick someone off enough to do it just in spite lol
;) but then again, you're also likely to attract the type of person who loves the challange..
or tick someone off enough to do it just in spite lol
*Shudders* Disturbing heh.
Well, that's all I've got. If anyone else has any suggestions for this question, please throw them in.
Regards,
--Zyloch
Well, that's all I've got. If anyone else has any suggestions for this question, please throw them in.
Regards,
--Zyloch
ASKER
regarding kenfcamp's comments.
Your suggestion (if there is one) is similar to suggesting that dvd copy protection should now be removed, just because deCSS is out. Or perhaps Microsoft should stop using cd keys because there are keygens out there :) If ONE person purchases the product (Which is proprietary information and certainly not available on google) doesnt post it to the world then the trouble was worth it.
anyhoo. I'm going to let this question linger overnight in the hopes that someone will have a unix solution. if not, my points go to Zyloch for the link: http://www.verypdf.com/encryptpdf
There is a command line version of it that I can run on a seperate windows box and capture / serve the output with php.
Your suggestion (if there is one) is similar to suggesting that dvd copy protection should now be removed, just because deCSS is out. Or perhaps Microsoft should stop using cd keys because there are keygens out there :) If ONE person purchases the product (Which is proprietary information and certainly not available on google) doesnt post it to the world then the trouble was worth it.
anyhoo. I'm going to let this question linger overnight in the hopes that someone will have a unix solution. if not, my points go to Zyloch for the link: http://www.verypdf.com/encryptpdf
There is a command line version of it that I can run on a seperate windows box and capture / serve the output with php.
> Your suggestion (if there is one)
Other than pointing out that this isn't going to work as well as you want it to.
For a example, download the demo, create a protected pdf, provide a location for it, along with the password (as if it was purchased) and I will provide a different pdf w/ the content un protected in under a 1 min.
There's nothing wrong with trying to protect what's yours, I just think the method you are trying to use (or format) isn't the most desirable for what you're trying to accomplish.
> if not, my points go to Zyloch for the link: http://www.verypdf.com/encryptpdf
As it should.
You asked a specific question, and he provided a specific answer to it.
Other than pointing out that this isn't going to work as well as you want it to.
For a example, download the demo, create a protected pdf, provide a location for it, along with the password (as if it was purchased) and I will provide a different pdf w/ the content un protected in under a 1 min.
There's nothing wrong with trying to protect what's yours, I just think the method you are trying to use (or format) isn't the most desirable for what you're trying to accomplish.
> if not, my points go to Zyloch for the link: http://www.verypdf.com/encryptpdf
As it should.
You asked a specific question, and he provided a specific answer to it.
ASKER
I appreciate your offer, and I'll take you up on it. I'm not very well versed in pdf security (or I'd darn well write the encrypter in c myself ;)
Take a look at http://www.cordlesshead.com/bindenc.pdf
The password is "password"
I would really appreciate seeing how easy it really is to unprotect this document yet maintain its integrity (not just printscreening etc)
Thanks!
Take a look at http://www.cordlesshead.com/bindenc.pdf
The password is "password"
I would really appreciate seeing how easy it really is to unprotect this document yet maintain its integrity (not just printscreening etc)
Thanks!
http://www.verypdf.com/encryptpdf says you can prevent printing. I don't know if this is also allowed in the command line version. The biggest problem is that the person just has to share the file and the password and voila! everyone has it. Possibly, you can make the password: username+password+special password for the pdf
Not as many people would give out their usernames and passwords, but people can create dummy accounts also.
There's no realy clear solution to this, like kenfcamp said.
As a last ditch attempt, perhaps you can post this in another TA, maybe Security or the like.
Regards,
--Zyloch
Not as many people would give out their usernames and passwords, but people can create dummy accounts also.
There's no realy clear solution to this, like kenfcamp said.
As a last ditch attempt, perhaps you can post this in another TA, maybe Security or the like.
Regards,
--Zyloch
ASKER
Agreed. I will most likely end up using this solution. i COULD do it beautifully in PHP with phplib, but the cost is a nightmare. I DO have lots of servers at my disposal, so I will most likely do up a window+apache+php+encryptp
1. companies with literally BILLIONS of dollars behind them still do their best and are bested (photoshop cs is a great example) but still try.
2. if sales are good enough to be spread out all over the net in a horrible way then we have a good product and I suppose thats a good thing in a twisted way :)
Since most people will not know that I will be encrypting with email (or email+u/p like you said... all the more info to not want to release) hoefully they will use real information. One of the big advantages for me is that If the pdf is password protected with an email, and I find it out there on the net (which i will if it gets enough distrobution to harm me) I will know exactily who distrobuted it and I will be in a position to deal with them from a TOS point of view. This, as much as anything else, is a good reason to do this.
see? I'm not TERRIBLY naive or stupid.
1. companies with literally BILLIONS of dollars behind them still do their best and are bested (photoshop cs is a great example) but still try.
2. if sales are good enough to be spread out all over the net in a horrible way then we have a good product and I suppose thats a good thing in a twisted way :)
Since most people will not know that I will be encrypting with email (or email+u/p like you said... all the more info to not want to release) hoefully they will use real information. One of the big advantages for me is that If the pdf is password protected with an email, and I find it out there on the net (which i will if it gets enough distrobution to harm me) I will know exactily who distrobuted it and I will be in a position to deal with them from a TOS point of view. This, as much as anything else, is a good reason to do this.
see? I'm not TERRIBLY naive or stupid.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Ok,
Here I go
Here I go
http://www.campbus.com/downloads/bindenc-new.pdf
There you go *note only the first 12 pages are done I could have done more but I only have a demo
There you go *note only the first 12 pages are done I could have done more but I only have a demo
PDFLib is probably a good solution, but if you've got no budget or barely any budget at all, there's not too much of a point, since even a beginner user just has to upload it to Kazaa or something along with the key (*sigh*).
And even if you can stop that (somehow), you've also got to stop the user from capturing your screen and just displaying it as a slideshow :(
Anyways, if you think you're up to it, and you're rich enough, use pdflib, because no current solution that I've found so far are really elegant.
(Reminds me of CSS and IE lol)
Regards,
--Zyloch
And even if you can stop that (somehow), you've also got to stop the user from capturing your screen and just displaying it as a slideshow :(
Anyways, if you think you're up to it, and you're rich enough, use pdflib, because no current solution that I've found so far are really elegant.
(Reminds me of CSS and IE lol)
Regards,
--Zyloch
ASKER
I appreciate ALL The help from everyone that posted. In the end, the plop program was more than reasonably priced and fits the bill perfectly. As it is the solution i'm going with, it gets the bulk of my points. a VERY big thanks to Zyloch for http://www.verypdf.com/encryptpdf/ as well as it would have been my ideal choice if I was on the windows platform. As I was too careless to mention my platform up front, perhaps all the windows fans out there will find it to be the best solution for their applications.