Solved

PDF stamping using PHP or encryption using PHP which is better

Posted on 2010-09-17
6
450 Views
Last Modified: 2012-05-10
Dear experts,

I would like your  knowledge and advice in regards to PDF stamping or encryption using PHP. I have found a couple of API for achieving this but would like some sound advice. I have two PDF books as part of a membership program which I would like to protect as much as possible from theft. I have looked at many solutions on the net for protecting PDF ebooks etc and have tried out many of them. From a users perspective if i had to deal with the complexity of these solutions I would never buy anything again from that company. The best solution seems to be stamping with PHP, as i run a membership site that is selling a product and service I am planning on stamping the name and address and email of the person for added protection, which does not put the user out. I am also wondering that if instead encrypting using PHP and making the encryption password there email will be a better way to prevent over load for my server as I understand that this process is quite processor intense. I would be grateful for some advice regarding this please. What others have used? What you feel is the better solution. What is the best and easiest way to implement this?

Also may I ask when you get the PDF stamped or encrypted is it best to store that copy on the server so that if the user needs to download it again the server does not have to make another copy or is there a better way. I will be restricting my user to a max of 3 downloads to save on bandwidth.

Many thanks as always for your help.
0
Comment
Question by:Lightwalker
  • 4
  • 2
6 Comments
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 33700928
I say stamp it with the client information, and tell your clients they are part of a "membership organization" that protects its valuable intellectual property.

Any way you handle this issue, if someone wants to steal your digital PDF data, they will be able to do it.  So make it easy for your legitimate clients to get what they paid for, and rely on the terms of service to make your copyright enforceable.

Best regards, ~Ray
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 33700969
Regarding this, "...it best to store that copy on the server..."

Yes, I think I would do that, and email a link to the client.  You might use an obscure file name to access the file.  You might use a "force download" script that keeps a count of the downloads and makes the file ineligible for future download after three tries.

If the file is not too large and is named sensibly, ending in .PDF, you might send the client an email with the file in an attachment.  However you should be careful not to make this the only strategy because many (more and more) people use wireless handheld devices to access the WWW, and attachments are not always welcome.
0
 

Author Comment

by:Lightwalker
ID: 33705888
Dear Ray,

Thank you again for your comments. I agree with what you are saying. the PDF's are to large to email successfully and I am planning to use a forced download so that I can keep track of the number of downloads. It also means I can remove the PDF that have been downloaded 3 times in order to save space on the server.

I was wondering if you know of the best PDF stamper API, as I am still learning ( and in all honesty will need to hire someone to do this for me) I have found a german company that writes an API for this purpose. I have included the link below:

http://www.setasign.de/products/pdf-php-solutions/setapdf-stamper/

My only concern with this (apart from the price but they seem reputable so I do not mind) is that it appears to use a caching method and I would prefer like you said to store the stamped PDF on the server rather than caching the document.

Any guidance you can give I would be very grateful
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 108

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 33707470
Regarding the PDF books... Do you know about FPDF?  It is a PHP class that can create PDF files for you.  If you can make the books by using the FPDF class, you can simply insert your ownership stamp right into the PDF document.  I have used the class many times and found it to be excellent - fast and accurate for both text and graphics.  More information is available here:
http://fpdf.org/

In the code snippet is an example of a force-download script.  The headers work on every browser I have been able to test.  You can easily modify that script to become login-aware and to take the encoded name of the file from the URL string.

As far as login-aware scripts go, I have an article here at EE that describes the design pattern.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

Hope that helps get your project up and running, ~Ray
<?php // RAY_force_download.php
error_reporting(E_ALL);



// A FILE TO DOWNLOAD - THIS LINK COULD COME IN THE URL VIA $_GET, OR COULD BE GENERATED INSIDE THE SCRIPT
$url = "http://www.google.com/intl/en_ALL/images/logo.gif";

// USE CASE
force_download($url);




// FUNCTION TO FORCE A DOWNLOAD FROM A FILE
function force_download($filename)
{
    // GET A NAME FOR THE FILE
    $basename = basename($filename);

    // GET THE CONTENTS OF THE FILE
    $filedata = file_get_contents($filename);

    if ($filedata)
    {
        // THESE HEADERS ARE USED ON ALL BROWSERS
        header("Content-Type: application-x/force-download");
        header("Content-Disposition: attachment; filename=\"$basename\"");
        header("Content-length: ".(string)(strlen($filedata)));
        header("Expires: ".gmdate("D, d M Y H:i:s", mktime(date("H")+2, date("i"), date("s"), date("m"), date("d"), date("Y")))." GMT");
        header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");

        // THIS HEADER MUST BE OMITTED FOR IE 6+
        if (FALSE === strpos($_SERVER["HTTP_USER_AGENT"], 'MSIE '))
        {
            header("Cache-Control: no-cache, must-revalidate");
        }

        // THIS IS THE LAST HEADER
        header("Pragma: no-cache");

        // FLUSH THE HEADERS TO THE BROWSER
        flush();

        // CAPTURE THE FILE IN THE OUTPUT BUFFERS - WILL BE FLUSHED AT SCRIPT END
        ob_start();
        echo $filedata;
    }

    // ERROR
    else
    {
        die("ERROR: UNABLE TO OPEN $filename");
    }
}

Open in new window

0
 

Author Closing Comment

by:Lightwalker
ID: 33710028
Thank you so much for e help
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 33710995
Thanks for the points - it's a great question, ~Ray
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
The viewer will learn how to dynamically set the form action using jQuery.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now