Skip to main content
M
mrjohncrumpton
Participant
July 20, 2021
Question

Protect PDF from being downloaded through viewing the source

  • July 20, 2021
  • 1 reply
  • 652 views

For secure PDFs, such as embedding an expensive book for members-only, how can I stop them viewing the source and copying the URL into a browser to download the PDF?

 

Here's the part that they could copy-paste:

 

content:   {location: {url: "https://documentcloud.adobe.com/view-sdk-demo/PDFs/Bodea Brochure.pdf"}},

 

Encoding the PDF as a base64 doesn't seem to work looking through the forum, and would make a massive line of code for this book.

 

Perhaps setting something on the PDF file so that even if they download it, they can't open or print it.  I suspec this will affect the embedded file, so it might not be possible. Appreciate any thoughts, thanks in advance.

This topic has been closed for replies.

1 reply

Joel Geraci
Community Expert
Joel GeraciCommunity Expert
Community Expert
July 21, 2021

The content can also be passed as a Promise that resolves to a ByteArray. You'd need app on your server that gets the PDF based on some sort of identifier instead of a URL. The PDF would be stored in a folder that's not accessible to the web.

 

That said, Embed API is no substitute for a real Digital Rights Management solution. It will keep honest people honest but it's not going to prevent a determined hacker from getting at the file.

T
TAD Master
Participant
November 30, 2021

I had a suggestion that can help and would appreciate if Adobe looks into it: I have successfully got the EmbedPDF API to send a ByteArray  (Thanks to your Codepen example: https://codepen.io/practicalPDF/pen/vYLoKMj ) But securing it to prevent someone peering into the Network tab and capturing the "Response" on the Ajax call that gives the ByteArray is tough! 

My suggestion is based on the fact that Adobe whitelists my domain where I used EmbedAPI before I can use it.  I have to get the ClientID from Adobe first; before the viewer works.

Here is my suggestion:


Would it be possible for me to set a password when I register my domain with Adobe? Such a password can use standard CryptoJS based symmetric encryption. I can then safely encrypt the Bytearray using that standard symmetric encryption and send the encrpyted byteArray into the browser. Your webasm based reader can then check if my account has that password set; so your reader can silently decrypt the encrypted ByteArray. 

Doing all this at my end is tough, and works only crudely. But if Adobe implements it; it would be really a strong security! I sincerely hope this suggestion is considered. Thanks!

Terms & ConditionsAccessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices