[Previous] [Next] [Index]
[Thread]
Re: preventing downloading
On Thu, 14 Mar 1996, matt jackson wrote:
> Is it possible to create a Web site where users can view documents but
> they cannot download or print anything without authorization?
>
> I know one can use encryption and or passwords to prevent all access, but
> is it technically feasible to allow access without allowing the user to
> keep a copy of the document.
Nope. For HTML and similar types of content, downloading == viewing ==
printing == saving == browsing. Its all the same thing. Essentially the
user issues a "GET" request to the server for a particular document, and
the browser displays it to the user when it has been received. What the
user decides to do with the document at that point is their own business.
> To reveal my ignorance even further, it seems to me that if one created a
> new generation of Web browsers that would look for a special code before
> allowing a "save" or "print" option, this would work. My more
> knowledgeable friends say that once the document is in the user's RAM (as
> required in order to view it in the first place), nothing can stop them
> from saving or printing it. Are they right?
They are correct.
But, you don't have to put up HTML documents on your web site (although
that's going to be what most users are going to expect). Adobe PDF files
(Portable Document Format) support the ability to determine what a user
can do with a particular document. Regions of text, images, and the
entire document can be locked to prevent printing or selecting. PDF
files must be viewed with PDF viewer, and are created with Adobe Acrobat
Exchange. You can create PDF files from any application, including
desktop publishing programs, graphics packages, etc.
Clients need to be configured to automatically launch the PDF viewer
when sent a document with the application/pdf MIME type, and servers need
to know that documents ending in ".pdf" should be sent with the MIME type
"application/pdf". Other that that, its pretty easy to implement.
One way to do this would be to have two copies of each document
around...one that was "locked" to preventing printing, etc. the other
that was not. The user could view the appropriate document based on the
output of a CGI program, or simply by maintaining two document trees, one
of which was protected by the Web server's built-in authentication schema.
I heard rumours of Netscape implementing support for PDF files inline
in a future release of Netscape Navigator. I suspect that the Java
explosion has somewhat delayed that, or perhaps licensing negotiations
got off track. I dunno...it was something remember from over a year
ago, but haven't heard about it since.
Hope this helps.
-brian
--
Brian W. Spolarich - ANS CO+RE Systems - briansp@ans.net - (313)677-7311
See Brock acquire. Acquire, Brock! Acquire!
Follow-Ups:
References: