[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 478
  • Last Modified:

PDF stamping using PHP or encryption using PHP which is better

Dear experts,

I would like your  knowledge and advice in regards to PDF stamping or encryption using PHP. I have found a couple of API for achieving this but would like some sound advice. I have two PDF books as part of a membership program which I would like to protect as much as possible from theft. I have looked at many solutions on the net for protecting PDF ebooks etc and have tried out many of them. From a users perspective if i had to deal with the complexity of these solutions I would never buy anything again from that company. The best solution seems to be stamping with PHP, as i run a membership site that is selling a product and service I am planning on stamping the name and address and email of the person for added protection, which does not put the user out. I am also wondering that if instead encrypting using PHP and making the encryption password there email will be a better way to prevent over load for my server as I understand that this process is quite processor intense. I would be grateful for some advice regarding this please. What others have used? What you feel is the better solution. What is the best and easiest way to implement this?

Also may I ask when you get the PDF stamped or encrypted is it best to store that copy on the server so that if the user needs to download it again the server does not have to make another copy or is there a better way. I will be restricting my user to a max of 3 downloads to save on bandwidth.

Many thanks as always for your help.
0
Lightwalker
Asked:
Lightwalker
  • 4
  • 2
1 Solution
 
Ray PaseurCommented:
I say stamp it with the client information, and tell your clients they are part of a "membership organization" that protects its valuable intellectual property.

Any way you handle this issue, if someone wants to steal your digital PDF data, they will be able to do it.  So make it easy for your legitimate clients to get what they paid for, and rely on the terms of service to make your copyright enforceable.

Best regards, ~Ray
0
 
Ray PaseurCommented:
Regarding this, "...it best to store that copy on the server..."

Yes, I think I would do that, and email a link to the client.  You might use an obscure file name to access the file.  You might use a "force download" script that keeps a count of the downloads and makes the file ineligible for future download after three tries.

If the file is not too large and is named sensibly, ending in .PDF, you might send the client an email with the file in an attachment.  However you should be careful not to make this the only strategy because many (more and more) people use wireless handheld devices to access the WWW, and attachments are not always welcome.
0
 
LightwalkerAuthor Commented:
Dear Ray,

Thank you again for your comments. I agree with what you are saying. the PDF's are to large to email successfully and I am planning to use a forced download so that I can keep track of the number of downloads. It also means I can remove the PDF that have been downloaded 3 times in order to save space on the server.

I was wondering if you know of the best PDF stamper API, as I am still learning ( and in all honesty will need to hire someone to do this for me) I have found a german company that writes an API for this purpose. I have included the link below:

http://www.setasign.de/products/pdf-php-solutions/setapdf-stamper/

My only concern with this (apart from the price but they seem reputable so I do not mind) is that it appears to use a caching method and I would prefer like you said to store the stamped PDF on the server rather than caching the document.

Any guidance you can give I would be very grateful
0
Free recovery tool for Microsoft Active Directory

Veeam Explorer for Microsoft Active Directory provides fast and reliable object-level recovery for Active Directory from a single-pass, agentless backup or storage snapshot — without the need to restore an entire virtual machine or use third-party tools.

 
Ray PaseurCommented:
Regarding the PDF books... Do you know about FPDF?  It is a PHP class that can create PDF files for you.  If you can make the books by using the FPDF class, you can simply insert your ownership stamp right into the PDF document.  I have used the class many times and found it to be excellent - fast and accurate for both text and graphics.  More information is available here:
http://fpdf.org/

In the code snippet is an example of a force-download script.  The headers work on every browser I have been able to test.  You can easily modify that script to become login-aware and to take the encoded name of the file from the URL string.

As far as login-aware scripts go, I have an article here at EE that describes the design pattern.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

Hope that helps get your project up and running, ~Ray
<?php // RAY_force_download.php
error_reporting(E_ALL);



// A FILE TO DOWNLOAD - THIS LINK COULD COME IN THE URL VIA $_GET, OR COULD BE GENERATED INSIDE THE SCRIPT
$url = "http://www.google.com/intl/en_ALL/images/logo.gif";

// USE CASE
force_download($url);




// FUNCTION TO FORCE A DOWNLOAD FROM A FILE
function force_download($filename)
{
    // GET A NAME FOR THE FILE
    $basename = basename($filename);

    // GET THE CONTENTS OF THE FILE
    $filedata = file_get_contents($filename);

    if ($filedata)
    {
        // THESE HEADERS ARE USED ON ALL BROWSERS
        header("Content-Type: application-x/force-download");
        header("Content-Disposition: attachment; filename=\"$basename\"");
        header("Content-length: ".(string)(strlen($filedata)));
        header("Expires: ".gmdate("D, d M Y H:i:s", mktime(date("H")+2, date("i"), date("s"), date("m"), date("d"), date("Y")))." GMT");
        header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");

        // THIS HEADER MUST BE OMITTED FOR IE 6+
        if (FALSE === strpos($_SERVER["HTTP_USER_AGENT"], 'MSIE '))
        {
            header("Cache-Control: no-cache, must-revalidate");
        }

        // THIS IS THE LAST HEADER
        header("Pragma: no-cache");

        // FLUSH THE HEADERS TO THE BROWSER
        flush();

        // CAPTURE THE FILE IN THE OUTPUT BUFFERS - WILL BE FLUSHED AT SCRIPT END
        ob_start();
        echo $filedata;
    }

    // ERROR
    else
    {
        die("ERROR: UNABLE TO OPEN $filename");
    }
}

Open in new window

0
 
LightwalkerAuthor Commented:
Thank you so much for e help
0
 
Ray PaseurCommented:
Thanks for the points - it's a great question, ~Ray
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now