[reportlab-users] PDF encryption
andy at reportlab.com
Tue Mar 26 01:31:14 EDT 2013
Set the 'owner password' and not the 'user password'. Anyone can
read, and you can set bits about what can be done.
This capability is fundamentally broken security-wise - it is a
convention which PDF readers are supposed to support. Obviously, if
your PDF viewer can access and display the page contents, it could be
coded differently to let you perform those other operations. Some
Russian guy got locked up for pointing out how stupid this was and
embarrassing Adobe ;-) On the other hand, someone would need to be
fairly clever or determined to get around it.
On 17 March 2013 20:46, Dinu Gherman <gherman at darwin.in-berlin.de> wrote:
> I'm trying to create an "encrypted" PDF in which users can view all
> pages without knowing any password, but perform certain operations only
> when they have the user password. With the code below from the user
> guide (with minimal changes) I can always even view the content only
> after entering the user password:
> from reportlab.lib import pdfencrypt
> from reportlab.pdfgen import canvas
> enc = pdfencrypt.StandardEncryption("secret",
> canPrint=False, canCopy=False)
> c = canvas.Canvas("hello-enc.pdf", encrypt=enc)
> c.drawString(100, 100, "Hello World")
> OTOH, the preview of the Python brochure does exactly that, let all
> people see the content, but don't let them copy stuff e.g. without
> a user password. See download on http://brochure.getpython.info
> Is there a way to achieve this with reportlab.lib.pdfencrypt?
> BTW, there is some space left for a ReportLab ad in the brochure...
> reportlab-users mailing list
> reportlab-users at lists2.reportlab.com
ReportLab Europe Ltd.
Thornton House, Thornton Road, Wimbledon, London SW19 4NG, UK
More information about the reportlab-users