Solved

PDF stamping using PHP or encryption using PHP which is better

Posted on 2010-09-17
6
455 Views
Last Modified: 2012-05-10
Dear experts,

I would like your  knowledge and advice in regards to PDF stamping or encryption using PHP. I have found a couple of API for achieving this but would like some sound advice. I have two PDF books as part of a membership program which I would like to protect as much as possible from theft. I have looked at many solutions on the net for protecting PDF ebooks etc and have tried out many of them. From a users perspective if i had to deal with the complexity of these solutions I would never buy anything again from that company. The best solution seems to be stamping with PHP, as i run a membership site that is selling a product and service I am planning on stamping the name and address and email of the person for added protection, which does not put the user out. I am also wondering that if instead encrypting using PHP and making the encryption password there email will be a better way to prevent over load for my server as I understand that this process is quite processor intense. I would be grateful for some advice regarding this please. What others have used? What you feel is the better solution. What is the best and easiest way to implement this?

Also may I ask when you get the PDF stamped or encrypted is it best to store that copy on the server so that if the user needs to download it again the server does not have to make another copy or is there a better way. I will be restricting my user to a max of 3 downloads to save on bandwidth.

Many thanks as always for your help.
0
Comment
Question by:Lightwalker
  • 4
  • 2
6 Comments
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 33700928
I say stamp it with the client information, and tell your clients they are part of a "membership organization" that protects its valuable intellectual property.

Any way you handle this issue, if someone wants to steal your digital PDF data, they will be able to do it.  So make it easy for your legitimate clients to get what they paid for, and rely on the terms of service to make your copyright enforceable.

Best regards, ~Ray
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 33700969
Regarding this, "...it best to store that copy on the server..."

Yes, I think I would do that, and email a link to the client.  You might use an obscure file name to access the file.  You might use a "force download" script that keeps a count of the downloads and makes the file ineligible for future download after three tries.

If the file is not too large and is named sensibly, ending in .PDF, you might send the client an email with the file in an attachment.  However you should be careful not to make this the only strategy because many (more and more) people use wireless handheld devices to access the WWW, and attachments are not always welcome.
0
 

Author Comment

by:Lightwalker
ID: 33705888
Dear Ray,

Thank you again for your comments. I agree with what you are saying. the PDF's are to large to email successfully and I am planning to use a forced download so that I can keep track of the number of downloads. It also means I can remove the PDF that have been downloaded 3 times in order to save space on the server.

I was wondering if you know of the best PDF stamper API, as I am still learning ( and in all honesty will need to hire someone to do this for me) I have found a german company that writes an API for this purpose. I have included the link below:

http://www.setasign.de/products/pdf-php-solutions/setapdf-stamper/

My only concern with this (apart from the price but they seem reputable so I do not mind) is that it appears to use a caching method and I would prefer like you said to store the stamped PDF on the server rather than caching the document.

Any guidance you can give I would be very grateful
0
Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

 
LVL 109

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 33707470
Regarding the PDF books... Do you know about FPDF?  It is a PHP class that can create PDF files for you.  If you can make the books by using the FPDF class, you can simply insert your ownership stamp right into the PDF document.  I have used the class many times and found it to be excellent - fast and accurate for both text and graphics.  More information is available here:
http://fpdf.org/

In the code snippet is an example of a force-download script.  The headers work on every browser I have been able to test.  You can easily modify that script to become login-aware and to take the encoded name of the file from the URL string.

As far as login-aware scripts go, I have an article here at EE that describes the design pattern.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

Hope that helps get your project up and running, ~Ray
<?php // RAY_force_download.php
error_reporting(E_ALL);



// A FILE TO DOWNLOAD - THIS LINK COULD COME IN THE URL VIA $_GET, OR COULD BE GENERATED INSIDE THE SCRIPT
$url = "http://www.google.com/intl/en_ALL/images/logo.gif";

// USE CASE
force_download($url);




// FUNCTION TO FORCE A DOWNLOAD FROM A FILE
function force_download($filename)
{
    // GET A NAME FOR THE FILE
    $basename = basename($filename);

    // GET THE CONTENTS OF THE FILE
    $filedata = file_get_contents($filename);

    if ($filedata)
    {
        // THESE HEADERS ARE USED ON ALL BROWSERS
        header("Content-Type: application-x/force-download");
        header("Content-Disposition: attachment; filename=\"$basename\"");
        header("Content-length: ".(string)(strlen($filedata)));
        header("Expires: ".gmdate("D, d M Y H:i:s", mktime(date("H")+2, date("i"), date("s"), date("m"), date("d"), date("Y")))." GMT");
        header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");

        // THIS HEADER MUST BE OMITTED FOR IE 6+
        if (FALSE === strpos($_SERVER["HTTP_USER_AGENT"], 'MSIE '))
        {
            header("Cache-Control: no-cache, must-revalidate");
        }

        // THIS IS THE LAST HEADER
        header("Pragma: no-cache");

        // FLUSH THE HEADERS TO THE BROWSER
        flush();

        // CAPTURE THE FILE IN THE OUTPUT BUFFERS - WILL BE FLUSHED AT SCRIPT END
        ob_start();
        echo $filedata;
    }

    // ERROR
    else
    {
        die("ERROR: UNABLE TO OPEN $filename");
    }
}

Open in new window

0
 

Author Closing Comment

by:Lightwalker
ID: 33710028
Thank you so much for e help
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 33710995
Thanks for the points - it's a great question, ~Ray
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
3 proven steps to speed up Magento powered sites. The article focus is on optimizing time to first byte (TTFB), full page caching and configuring server for optimal performance.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question