Protect PDF files

[classic.certs]

What security can i place on a pdf? Our site has a number of pdf files and I want to declare who opens the files. I know that we can put a password on the file. But if the member no longer has access to the area, i do not want them to be able to access the file.

The only issue i see is... we do have people using these files while they are offline. So checking home for an update will be an issue.

Any suggestions?

[wwb_99]

Serve the files using a server-side scripting language that understands your membership rather than straight out of the filesystem.

[classic.certs]

That is how we have it in place now. But once the file is downloaded, i am looking to see if security can be kept.

[wwb_99]

Hmm, that is alot trickier. I don't think you can do anything about the files that have already been downloaded, but I would check out Adobe's documentation to see if there are any PDF security settings that you could use to hook into your authorization system or, at the very least, sunset the documents.

[jeffct]

Serving the files from a protected directory or out of a database could help you control who accesses them, but once a PDF is downloaded it is much more difficult to control who can read it.

PDF passwords are a possibility but they can easily be stripped off by third-party programs. Of course, the passwords aren't entirely useless, they will make it a bit harder to distribute the file. Without some sort of elaborate DRM coded into the file, there's not much you can do once they have it on their system.

[sk89q]

PDF files do support DRM, so you should look into that. I believe full-encryption is supported, so you need to know the keys to open the file.