Password / login protected publishing og "Publish Online"

Report · Oct 05, 2023

I like the idea in the "Publish Online" feature in InDesign. But is something more sophisticated in terms of secure sharing in the back-log? The EPUB export is a bit sketchy - especially when it comes to embedding fonts. And then there is the whole issue about cross- and platform compatibility when eventually reading an EPUB. So would it ever be a posibility to protect against "unauthorized" sharing of "Publish Online" documents? It could be suuuuuuper nice 🙂

Kind regards,
Michael

Report · Oct 05, 2023

PDF, with all its weaknesses, is about as close as you can get.

There is no such thing as a secure electronic doc, not at the general consumer/user level.

Report · Oct 05, 2023

Hi James,

Well I am not asking about a secure document. I am talking about a authenticated access to a document, which then can be done by either individual one-time passwords or traditional login, where the user is authenticated via a trusted partner.
If the big online file services didn't had the posiblity to limit sharing of uploaded files to either a group of people og individuals they would be out of business already. No one serious about their work would be satisfied with "with everybody with the link can access this file/document"

Report · Oct 06, 2023

The differences are pretty much semantic — whether you call it a secure document or a password-protected one or say 'DRM,' it's the idea of a doc file that only "authorized" users can open and read. And the sorry truth is that except for a few high-level encryption schemes, any document in electronic format is pathetically easy to open and read. Many "secure" systems simply depend on a reader that doesn't permit the user to go past a flimsy security door; another app, a simple cracking technique, and the door may as well not exist.

The only sorta-kinda secure ebook system is Kindle, mostly because it's a closed ecology with controlled distribution and proprietary readers. But it, too, can often be... breached.

The problem should be obvious: if the standard is open and the readers can be duplicated and modified by any third party, building one that ignores or bypasses doc security is trivial. If the standard is commercial or closed, it may be difficult (as well as illegal) to build clone readers, but it doesn't take long for cracking methods and tools to appear.

If you release something in e-format, it can only have locks that work for honest users.

PDF is reasonably secure, but there are any number of readers out there that make password access, to read and to modify, moot. There are third-party services that issue encrypted PDFs that can only be read in a proprietary reader variant (I have a colleague who uses them for e-rented textbooks.) But that's the only possibility: a reader [system] that uses sturdy encryption and does not allow or lend itself to clone readers or cracking tools. Adobe is unlikely to go that way, and any third party (such as one that might license a format to Adobe or provide a plug-in) brings other problems to the fray.

Report · Oct 06, 2023

While I understand the request, I wouldn't hold my breath waiting for it. That said, if you want it, make a case:

Adobe InDesign (uservoice.com)

Otherwise, if you insist on creating your content with InDesign then you might want to look into in5. It's not cheap but it will allow you to create far better interactivity and to control your content from end to end.

Report · Oct 07, 2023

Agreed with @BobLevine : InDesign's Publish Online feature is of course nice and convenient, but your control over your published documents is relinquished to Adobe's third-party server services.

To take back control over your InDesign online published documents, two options exist:

Convert the InDesign document manually to a different format that can be hosted online by yourself. Either by popping open the epub or via the FLX html plugin https://www.gilbertconsulting.com/scripts
Use the In5 plugin to publish your documents to HTML5 and host those on your own server.

We are talking about an HTML5 online project here. Releasing a PDF or ePub behind a password protected link generally isn't very effective (as @James Gifford—NitroPress also points out).

No matter which option you pick, it is simple to secure those from public access by setting up a password on your own (web)server. Many ways to achieve this, from a simple secured folder on your server to hosting your site with something like WordPress and using that system to secure content against public access. And a host of other similar options exist.

[1] can be done with the free html5 export plugin or via unzipping an epub, but still requires manual coding to turn the result in a releasable form that can be hosted online.

[2] is expensive, but quick, simple, and convenient.

As (almost) always: cost VS ease of use is your choice. 😉

In either case you'd have to set up the security on your online server by yourself or have someone do it for you in case you lack the technical know-how / are unsure how to go about that.

I never use Adobe's publish online feature. Yes, it is convenient and quick. Super easy. But it means becoming completely dependent and reliant on a third party service of a company that has proved tiem and again it cannot be relied on to maintain these "free" convenience services. (Only a short while ago performance of Adobe's Publish Online servers went down the drain, and it took a good while before it was resolved! Unacceptable if your business depends on a service like that!)

Report · Oct 07, 2023

All correct and valuable options, but password access to a website, no matter what kind of doc is behind the access wall, is... clumsy and prone to security breach. Not really "selling a DRM-protected book," which is the usual goal.

But then, even books weren't secure. You could copy most for about $20 in change.

Report · Oct 07, 2023

I believe in the OP's case it's less a matter of protecting the document(s), and rather limiting direct access to the actual files. Limiting the number of people that have direct access to the link.

Similar to a Google Docs document that is shared with a limited number of people. For example, for preview purposes, etc. Or sharing within a team setting.

And that is quite useful. Currently the Publish Online option doesn't offer that.