1

Env: jQuery, richfaces

We would like to disable copying (using CTRL+A) sensitive information on certain pages and pasting via the clipboard. We would rather expect the user to use few buttons to export the data. How do we achieve this?

user339108
  • 12,613
  • 33
  • 81
  • 112
  • 1
    Following the path you're currently on, you'll eventually come to the point where you need to prevent the user from taking screenshots, so to save us all some time, here's the answer: http://stackoverflow.com/questions/3130983/stop-user-from-using-print-scrn-printscreen-key-of-the-keyboard-for-any-web – deceze Jul 29 '10 at 07:00

5 Answers5

4

You cannot. It is the user's computer and they can copy any data that they can see.

Now you can annoy the hell out of them by having some JavaScript that intercepts keys like Control-A and Control-C, but I hate that so much that I'm not going to tell you how to do it. You can downvote me all you like!

I suppose a nice middle ground would be to detect when the user tries to copy and not disallow it, but display some kind of a message along the lines of "Hey, are you trying to export the data? Try the Export button over there ->"

EMP
  • 59,148
  • 53
  • 164
  • 220
2

That's the third question in a row which is about to "prevent" or "disable" some basic functionalitys.

You might think about User experience and usability.

update

You mentioned in your comment that you're dealing with sensitive data. I agree with the other comments that you should not send such sensitive data to the client. There is just no way to protect it.

jAndy
  • 231,737
  • 57
  • 305
  • 359
  • we have some sensitive information which we wouldn't want the user to copy and take a print out. wouldn't that be a valid use case? – user339108 Jul 29 '10 at 06:48
  • @user339108 if it's so sensitive information, don't send it to client side.. cause even javascript is not a sure way to prevent them in getting it... – Reigel Gallarde Jul 29 '10 at 06:54
  • @user If it's that sensitive, **don't let the user see it**. As soon as it's on the users computer, it's out of your hands! – deceze Jul 29 '10 at 06:55
1

Pen and paper are still not deprecated.

Then there are screen capture tools, cameras, etc.

And there is always the human memory.

Finally, a browser is just a convenience which is not even needed. Someone can just curl in a http(s) request with whatever headers and/or data your server is expecting. No browser, no DOM, no events, just plain text on the command line. How do you control that?

Anurag
  • 140,337
  • 36
  • 221
  • 257
0

You can use secure global desktop and allow users to access that pages only from the IP of the server where secure global desktop is running. do not put any printer or other services on that server. Disable copy/paste from the settings of the global desktop. In our company software engineering process pages are protected with that setup (I do not know why). You can not copy/paste and print conveniently. You can takes photo of them of course.

Deniz
  • 1,575
  • 1
  • 16
  • 27
0

You can use secure global desktop and allow users to access that pages only from the IP of the server where secure global desktop is running. do not put any printer or other services on that server. Disable copy/paste from the settings of the global desktop. In our company software engineering process pages are protected with that setup (I do not know why). You can not copy/paste and print conveniently. You can takes photo of them of course.

Deniz
  • 1,575
  • 1
  • 16
  • 27