防止“另存为”在Adobe PDF中 [英] Preventing "Save As" in Adobe PDF
问题描述
我们要求防止在网络驱动器上存储的PDF的其他副本。目前,我们已经按照格式允许的方式锁定PDF,这意味着防止复制/粘贴,编辑和打印。但是,客户端要求在打开PDF时,无法创建PDF的附加副本。
使用本机PDF,这是不可能的,因为首先他们可以随时点击浏览器中的链接,然后点击另存为...到桌面。此外,他们可以点击Acrobat Reader里面的另存为...,没有办法(没有黑客)关闭它。另外,即使我们被黑客攻击了Acrobat Viewer,他们总是有机会在另一个第三方查看器中查看和重新保存PDF。
有几个初步的选择:
-
使用DRM提供程序来锁定对文件的访问权限 - 这不是一个选项由于费用
-
创建一个将文件转换为TIFF的Web服务,然后使用秘密密钥将其提供给.abc 文件。为.abc文件创建一个唯一的查看器,该文件只能在客户端网络内部运行,并打开该文件并将其解密。没有自定义查看器,他们无法查看文件。他们可以复制它们,但如果观众被锁定到他们的个人机器上,或者必须在公司网络内运行(例如,在启动之前检查网络服务中的秘密密钥),则他们所做的任何副本都不会被打开,
-
创建一个基本上与上述相同的Flash或Silverlight查看器,但实际上并不将文件保存到PC中 - 只需将其显示在浏览器。
有没有其他任何可能更简单的选择?目标是不要有100%的防爆安全,只是为了防止员工轻松制作副本,将这些副本发送给竞争对手,朋友或其他不能访问这些敏感文件的人。
您提到的唯一可以工作的机会(而不是执行成本太高)是自定义阅读器。
读者应用程序不应该有存储在其中的任何秘密信息(如密钥),并且应该只能在内部使用,通过访问通过私有网络服务的关键和图像数据。你已经注意到了。
它也不应该存储文件;但只需将密钥和数据加载到内存中,解密图像,然后提供查看。
困难部分将转换数据。其余的是大部分相当基本的东西。
这里的注意事项是用户打印屏幕并保存图像仍然很容易。 p>
最终,让他们看到文档而不是保存它们的唯一真正安全的方法是完全阻止他们在他们拥有任何物理或通用的系统上查看文档网络访问。
We have a requirement to prevent saving additional copies of PDFs that exist out on a network drive. Currently, we have "locked down" the PDFs as much as the format will allow - which means prevently copy/paste, editing, and printing. However, the client requires that no one be able to create an additional copy of the PDF once they have it open.
Using native PDF, this is not possible, because firstly, they can always click the link in the browser and "Save As..." to their desktop. Also, they can click "Save As..." inside of the Acrobat Reader and there's no way (short of hacking) to turn that off. Also, even if we hacked the Acrobat Viewer, there's always a chance that they might view and re-save the PDF in another 3rd party viewer.
There are a couple of initial alternatives that come to mind:
Use a DRM provider to lock down the access to the files - this is not an option due to the expense
Create a web service that converts the files to TIFF and then encrytps them with a "secret" key and serves them up as ".abc" files. Create a special viewer for ".abc" files that only runs internal to the client's network and opens this file and decrypts it. Without the custom viewer they can't view the files. They could make copies of them, but if the viewer is locked down to their individual machine or must run within the corporate network (checks for secret key from web service before launching, for instance), any copies they make won't be open-able.
Create a Flash or Silverlight viewer that essentially does the same thing as above, but never actually saves the file to the PC - just shows it within the browser.
Does anyone have any other alternatives that might be simpler? The goal isn't to have 100% bomb-proof security, just to prevent employees from easily making copies, emailing those copies to competitors, friends, or other folks who shouldn't have access to these sensitive files.
The only option you've mentioned that has any chance of working (and not being way too costly to implement) is the custom reader.
The reader application should not ever have any 'secret' information (such as the keys) stored in it, and it should only be able to be used internally, by accessing both key and image data via a private web service. You've already noted that.
It should also not store files at all; but simply load the key and data into memory, decrypt the image, then provide viewing for it.
The 'difficult' part would be converting the data, really. The rest is fairly basic stuff, for the most part.
The caveat here is that it would still be easy for a user to print screen and save the image.
Ultimately, the only truly secure method to let them see the documents but not save them is to totally prevent them from viewing the documents on a system to which they have any physical or general network access.
这篇关于防止“另存为”在Adobe PDF中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
