[reportlab-users] non-hackable pdf files

Andy Robinson andy at reportlab.com
Tue Apr 25 05:41:26 EDT 2006

Mike Dewhirst wrote:
> Is there a way to create pdf files with ReportLab such that the file 
> cannot be hacked?

Amplifying slightly on Robin's reply...

If you want anyone to be able to read the PDF file, there is no robust 
way to protect it.  PDF is an open, published standard and anyone can 
write a PDF Reader (with open source reader software being available); 
and if the software can read enough to display the text on screen, then 
it can be modified to extract the words.

Acrobat supports an 'owner password' which is a convention that PDF 
readers are supposed to respect; if you set the flags to say that text 
cannot be copied, a well written PDF reader should not let someone paste it.

The 'user password' feature is stronger.  You can make a document so 
that it can only be opened by someone with a specific password, and the 
content is actually encrypted.  But once they have it open on the 
screen, the same concerns apply.

Parts of the software industry have been struggling for ages to find 
ways to let users read stuff but not copy it (witness the record 
industry) and have not yet come up with a scheme.  But if you want 
protection against casual abuse by non-techies, the 'owner password' 
supports this.

The security features are available in Acrobat, most PDF creators and 
our own encryption utility; if you are interested in the latter, please 
email me directly with a description of your app and the volumes and 
types of documents you want to use it to encrypt, and we will quote a 
price (as well as letting you try it out for free).  There is no 'list 
price' except as part of our overall suite which is enterprise-priced, 
but we are always happy to work out deals for user group members.

Best Regards,

Andy Robinson

More information about the reportlab-users mailing list