How to make PDF inaccessible to others.

My organization wishes to get some confidential data uploaded by users in the form of PDF file, that may be password protected. Each user may be given a key/password that he will use to password protect PDF file he will upload.  PDF files will be uploaded to the server in a pre-designated folder. Obviously, the password will be stored in the database.  PDF folder and user's password may be known to a group of people who work on this project or who use that database. And so anyone of these group members may access that PDF. which is not desired.
What is the solution?
Sandeep SoodProgrammerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

John TsioumprisSoftware & Systems EngineerCommented:
I would upload the PDF to a database that is document oriented like password and files are in one place and you get granular control of what is viewable to whom...i have implemented something similar with .jpgs and the connection to Firebird was the least of my worries...
Gustav BrockCIOCommented:
You can't both grant access and deny access to this group of people.

The classic method is to have some that control the access but don't have access, and some that can't control access but do have access to what they have been granted.

This way you can have folders that are accessible for some, while these cannot control to these or other folders.
Shaun VermaakTechnical SpecialistCommented:
All major PDF applications are adding RMS support. With RMS you can block opening, saving, printing, screenshots etc. permanently or with temporary access
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

As soon as the user uploads the PDF, have some process move it to a hidden/secure folder.  In the past, I've done this with (VBScript) scripts that run in a sleep/wake loop, looking for any files in a folder to process.  You set the Sleep interval in milliseconds - 500 is a half second; 4200 is 4.2 seconds.  This can be any integer value up to 65535.  
Note: Doing this in Powershell provides some longer intervals.

Since the only 'process' is you need is to move any files, your started task can be much simpler - a MOVE command.  A scheduled task can repeat every minute.

There is also a call-back configuration, where your program asks the Windows OS to notify whenever there is any change activity to a directory.  This call-back happens immediately after the change.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
crystal (strive4peace) - Microsoft MVP, AccessRemote Training and ProgrammingCommented:
hi Sandeep,

I agree with Gustav's comment to use network privileges to control what users can do

John and Shaun, going to read your links -- they look interesting

clever approach, Mark -- so if the file is not done being written, does this mean it's partial won't be moved (since presumeably, it can't), and it will happen the next time? Care to share some basic code? and how you make it run? Thanks

have an awesome day,
in the VBScript environment, you use the wscript object's sleep method inside an endless loop.

In the following example, oFldr is a filesystemobject folder object variable.
On Error Resume Next
Do While True
    For Each oFile In oFldr.Files
        oFile.Move strDestinationPath
    oWsh.Sleep 5000   'five second sleep between move operations

Open in new window

Sandeep SoodProgrammerAuthor Commented:
Thanks all for your replied.

John and Shagun, i will have to check if my service provided allows to use 3rd party tool like Firebird or RMS at server.
Mark, i liked your solution, though it is not very fool-proof. (hidden folder can also become known after some digging) but still it will work for me.
and i am planning to add it with following approach.  Kindly give your views.

Can we use some sort of Public Key, Private Key encryption Decryption also ?
User's password (Say P) is encrypted using  Public Key (say PubK) know to all giving K.  K is stored in database.
User locks PDF using P. (P is not stored in database)

Later, K is picked from database, decrypted using Private Key (Say PvtK) KNOWN only to TEAM LEAD, giving P.
P is used to unlock PDF.

In addition, i will ask every user to leave at least first 3 pages blank in PDF. coz, there are many utilities available on the net that may unlock first few pages of PDF freely.
1. Make the users' keys long and unique.  I recommend using GUIDs for such things
2. You can set security privileges for directories such that their (file) items can't be listed by the end users.  Conversely, you can set listing privileges are only available to admin-level tasks and users.
3. I don't think you need to encrypt these PDFs beyond #1 above.  However, the simplest thing is to use an encrypted zip/7z compressed file/folder as the permanent storage place.
4. The folder where you place your scripts should also be secure, especially if you have to do more encryption.
5. PKI is overkill.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.