如何防止Web字体被非法下载和使用？ [英] How can I prevent web fonts from being downloaded and used illegally?

问题描述

我有一个使用CSS中的 @ font-face 嵌入字体的项目。一切工作正常，但网站所有者想加密的字体，以便没有人可以使用它比在网站上查看。

如何设置？我有服务器上的字体，它使用CSS中的 @ font-face 来嵌入，但是我不得不限制对它的访问。

使用字体托管公司不是一种选择，它必须是可以在服务器上本地运行的东西。

解决方案

如果使用字体托管公司不是一个选项，那么你必须做的字体托管公司自己做的所有工作。这意味着安全地将字体从服务器传送到浏览器，确保字体文件只包含足够的信息以允许浏览器呈现类型，防止最终用户自行下载字体并在本地使用，并且混淆字体本身。

首先，确保您拥有使用网络字体的许可证。如果你还没有这样做，那就搞定了。

之后，你需要确保你的字体是子集的，所以他们只包含字符您的网站需要显示。然后，您需要确保您的字体被混淆，使得字体在桌面上无法使用。 字体松鼠的@ font-face生成器可以做到这一点和上一步。确保你使用专家模式来创建你的字体套件，使用他们的WebOnly™保护和你的字体子集包括字符。

字体松鼠也将转换字体转换为EOT，OTF和WOFF文件，这些文件可以帮助您的字体在绝大多数现代浏览器中使用。

最后，您应该确保您的Web服务器配置为阻止热链接到字体文件本身，防止他们从除了您的网站以外的任何地方被请求。

一旦你采取了这些步骤，你就可以尽可能地快。您需要确保您的字体文件是可缓存的，但您需要在缓存性能和可能将文件存储在浏览器的缓存中很长时间之间取得平衡。这是一个留给读者的练习。

请记住，即使您采取了所有这些步骤，人们也可以下载更改过的字体文件并相对轻松地在桌面上使用它们。不能阻止人们下载字体并在100％的情况下非法使用这些字体，但通过采取这些步骤，您可以进一步确保你已经尽了一切努力。

I have a project where I am using an embedded font using @font-face in CSS. Everything is working fine but the site owner wants to encrypt the font so that no one can use it other than when viewed on the site.

How can that be setup? I have the font on the server, it's embedded using @font-face in CSS, but somehow I have to restrict the access to it.

Using a font hosting company is not an option, it has to be something that can be run locally on the server.

解决方案

If using a font hosting company is not an option, then you have to do all the work that the font hosting companies do yourself. This means securely delivering the font from your servers to the browser, making sure that the font file only contains enough information to allow the browser to render the type, preventing the end-user from downloading the font itself and using it locally, and obfuscating the font itself.

First up, make sure you have a license to use the font on the web. If you haven't got that, you're screwed.

After that, you'll want to ensure that your fonts are subsetted, so that they only include the characters your website needs to display. Then, you'll need to make sure that your fonts are obfuscated in such a way that the font is unusable on the desktop. Font Squirrel's @font-face generator can do both this and the previous step. Make sure you use the "Expert" mode to create your font kit, use their WebOnly™ protection and subset your font to include the characters.

Font Squirrel will also convert the fonts into EOT, OTF and WOFF files that will help your fonts to be used in the vast majority of modern browsers.

Finally, you should ensure that your web server is configured to prevent hot linking to the font files themselves, preventing them from being requested from anywhere except your site.

Once you've taken those steps, you're about as far along as you can be. You'll want to make sure your font files are cacheable, but you'll need to strike a balance between cache performance and potentially storing files on the browser's cache for a long time. That's an exercise left to the reader.

It's important to remember that even after you take all these steps, it is possible for people to download the altered font files and use them on the desktop with relative ease. You can't prevent people from downloading the fonts and using them illegally in 100% of cases, but by taking these steps, you're further along the road to making sure you've done everything you can.

这篇关于如何防止Web字体被非法下载和使用？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！