[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 253
  • Last Modified:

How to secure PDF files

Greetings,

I have couple PDF files on W2K3 web server. Right now I use ASP to check user's login info, then link them to the PDF files. But the user can still browse the the PDF file if they know the path. Is there anyway to secure the PDF files?

Thanks.
0
mrong
Asked:
mrong
  • 4
  • 4
1 Solution
 
RoonaanCommented:
As fpdf.org can write a pdfcreation script which can create password encrypted pdf-files on the fly using PHP, there must be someone who has written such a thing for ASP.

The PDF's will be secure by 2 pwds. Readonly pwd to access the file and a owner pwd to be able to edit the file in adobe.

Although not fully ontopic, it might help you to keep hopes up :-)

-r-
0
 
mikeleebrlaCommented:
all you have to do is set proper NTFS security on your network,,, that will work 100% regardless of the filetype or extension.  IE check the security on the file by going to the properties of the file.
0
 
mrongAuthor Commented:
Yes, I can set up NT folders security, but I don't want create NT local account for each users.
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
mikeleebrlaCommented:
so you are asking how to password protect a file then basically, without using NTFS secuirty then right?
0
 
mrongAuthor Commented:
What do you mean by password protection? All the users share the same password?

Thanks.
0
 
mikeleebrlaCommented:
lets get to the root of the problem,, you say that you check the users login info with an ASP script.  what do you mean exacly?  where are the usernames/passwords stored? in a database you created or do you use an ASP script to have them all log into AD with the same account?
0
 
mrongAuthor Commented:
The usernames/passwords are stored in Text file.
0
 
mikeleebrlaCommented:
ok,, so you have an app that basically is a portal that lets users into a separate portion of your website.... and from there im not sure which NTFS account they are using (probably the built in IUSER account which is for anonymous IIS access)  It is my guess that anyone could get to these URLs without any username/password at all.  But my point is, withough NTFS secuirty set up, you users will ALWAYS be able to access any file once they get past your ASP username/password. Especially if they all log in with the same username/password like you mentioned..... if they are all loging in with the same username/password how is the server supposed to know who should get to which files??  I know that is not the answer that you are looking for but it is the right answer and the easiest and most secure way to set up security.  Its built into the OS and is VERY easy to set up.
0
 
mrongAuthor Commented:
The text file store multiple user names. My Asp run a COM, it first check weather the user name exist in the text file then use COM the authenticate with LDAP server.

Are you saying it can't be done without using NTFS security(folder permission)?

Thanks.
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now