[reportlab-users] Document Security

Ben Mitchell reportlab-users@reportlab.com
Thu, 20 Nov 2003 07:19:23 -0800

Hey Tim, thanks for the helpful post.

Just so you know, you can also use any of the many encrypted-PDF 
crackers out there to remove the restrictions altogether.  Probably a 
lot faster than your current OCR approach.  (Though there is that whole 
federal criminal offense thing you've gotta worry about with the DMCA 
and all.)

Anyway, it turns out that most people don't have the skills and 
motivation that someone of your obvious ability does Tim, and they tend 
to give up pretty easy.

It also turns out that I have no delusions about the depth of security 
generated by such restrictions (but hey, thanks again for assuming the 
worst of me).  Instead, I'm looking to raise the bar a tiny bit to cut 
down on secondary distribution of my content in a presentation other 
than the original PDF, which will contain all kinds of good faith 
reminders that you shouldn't be distributing the thing around in the 
first place, and some personally identifiable information about the 
document's purchaser to ensure that he's reluctant to release it into 
the wild.  A motivated individual can obviously thwart this if he 
cares, but if the documents are priced reasonably in the first place, 
the incentive is low.

So for anyone interested in an ANSWER (rather than useless posts 
telling me I'm dumb) I've found one.

iText (open source from www.lowagie.com) has as part of its 
distribution a command-line Java utility (which I've now tested on 
Linux, Mac OS X and Windows without problems)  called encrypt_pdf.

It takes as input an existing PDF filename, an output filename, 
passwords to apply, and a bitmask indicating how you'd like the 
standard PDF security parameters applied, and creates a new PDF as 
<output file name> that's encrypted and, if you set the bitmask right, 
can't be printed, copied, etc (except by my good friend Tim of course).

So this works great for me, because I can generate PDFs in my favorite 
and familiar Python with Reportlab, and then just invoke an external 
program to encrypt the document as a last step.

I'm happy now.

Have a great day everyone.  Especially you, Tim.


On Nov 19, 2003, at 9:40 AM, Tim Roberts wrote:

> On Tue, 18 Nov 2003 09:06:58 -0800, Ben Mitchell 
> <ben@mitchellfamily.com>
> wrote:
>> If I don't want people to be able to extract / copy / past the text I 
>> put into
>> the PDFs I'm generating, is there a good way to do that?
> No.
>> I know I've seen PDFs in the past that worked this way - just not sure
>> what the process would be for creating one.
> Your goal is silly.  As long as I have a PDF, I can print your document
> and scan it with an OCR reader.  I can use the PrintScreen key to take 
> a
> snapshot to a bitmap and use an OCR reader.  The visually-impaired will
> curse you for breaking their screen readers.
> Preventing cut-and-paste gives you a false sense of security.
> --
> - Tim Roberts, timr@probo.com
>   Providenza & Boekelheide, Inc.
> _______________________________________________
> reportlab-users mailing list
> reportlab-users@reportlab.com
> http://two.pairlist.net/mailman/listinfo/reportlab-users