0

My company delivers programming instructions for products we sell in both streaming video (hosted on CloudFront) and PDFs (hosted on Amazon S3). We don't want our customers to be able to take the content out of these PDFs, save the PDF, or be able to share the link. At the same time, we don't want people to be able to steal the video (we're less concerned with the videos).

I've been racking my brain trying to figure out the best options on securing this. What are the limitations with PDF security? At the end of the day, can you stop them? Or at least make it really hard?

Ben

2 Answers

3

Unless you create and deliver your data in a custom format, with your own viewer with built-in content protection mechanisms, you are out of luck. Everything you deliver to the client can be captured, copied and distributed. With PDFs and video streams this is trivial.

Eugene Mayevski 'Callback
  • I would like to add a word of discouragement for the "create your own format and reader" idea. Not even that can help you here. It wouldn't take much more than an afternoon's work of reverse engineering to figure out whatever format was cooked up. It's just obscurity. And in the process, you'll have made a reinvented wheel riddled with real security holes. – AltF4 Dec 22 '10 at 22:11
  • @AltF4 don't spread FUD. PKI-based DRM systems would work nicely if implemented right in kernel mode. They are way complicated, yes, but they do work. And there's no unbreakable protection in the world, so from this point of view your comment is useless. – Eugene Mayevski 'Callback Dec 23 '10 at 07:23
  • No, they don't work. You're giving the user the ciphertext and the key. The game is up right there. You can't sprinkle magic PKI dust on the PDF to help you. Even when companies deploy dedicated hardware to hold keys and perform decryption (cable boxes for example), it gets cracked without significant difficulty. – AltF4 Dec 23 '10 at 18:01
  • @AltF4 So far your words are nothing but FUD, sorry. – Eugene Mayevski 'Callback Dec 23 '10 at 19:20
  • Ahh, I should have noticed sooner. "EldoS Corp" huh. "Your data, stored or while in transfer, will be reliably protected with help of EldoS solutions." It's in your best interest to convince people magic DRM fairy dust exists. Good luck with that. – AltF4 Dec 23 '10 at 19:47
0

If you can suffer the PDF generation overhead, you could individualize the PDFs by putting the customer's name on each page. Turn off editing as well, and that'll discourage people. It'll still be quite possible to get around these, of course.

derobert
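An added sketch of the per-customer individualization suggested in the answer above (not part of the original answer): each page carries the buyer's name plus a keyed tag, so a copy found in the wild can be mapped back to the account it was issued to. It goes beyond the answer by adding the HMAC tag and the trace step; the function names, the stamp wording and the minimal standard-library PDF writer are assumptions of this example, and the "turn off editing" permission flags are not covered because they require PDF encryption from a full PDF library.

```python
import hashlib
import hmac

def leak_tag(secret: bytes, customer_id: str) -> str:
    """Short keyed tag: identifies the buyer, unforgeable without `secret`."""
    return hmac.new(secret, customer_id.encode(), hashlib.sha256).hexdigest()[:16]

def trace_leak(secret: bytes, tag: str, customer_ids):
    """Map a tag read off a leaked copy back to a customer id, or None."""
    for cid in customer_ids:
        if hmac.compare_digest(leak_tag(secret, cid), tag):
            return cid
    return None

def _esc(text: str) -> str:
    # Backslash and parentheses are special inside a PDF literal string.
    return text.replace("\\", "\\\\").replace("(", "\\(").replace(")", "\\)")

def build_pdf(pages, customer: str, tag: str) -> bytes:
    """One PDF page per string in `pages`, each with the buyer stamp in the footer.
    Text must be Latin-1 encodable in this simplified writer."""
    stamp = _esc(f"Licensed to {customer} [{tag}]")
    kids = " ".join(f"{4 + 2 * i} 0 R" for i in range(len(pages)))
    objs = [b"<< /Type /Catalog /Pages 2 0 R >>",
            f"<< /Type /Pages /Kids [{kids}] /Count {len(pages)} >>".encode(),
            b"<< /Type /Font /Subtype /Type1 /BaseFont /Helvetica >>"]
    for i, text in enumerate(pages):
        stream = (f"BT /F1 12 Tf 72 720 Td ({_esc(text)}) Tj ET\n"
                  f"BT /F1 8 Tf 72 36 Td ({stamp}) Tj ET").encode("latin-1")
        objs.append(("<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] "
                     "/Resources << /Font << /F1 3 0 R >> >> "
                     f"/Contents {5 + 2 * i} 0 R >>").encode())
        objs.append(b"<< /Length %d >>\nstream\n" % len(stream)
                    + stream + b"\nendstream")
    out, offsets = bytearray(b"%PDF-1.4\n"), []
    for num, body in enumerate(objs, 1):
        offsets.append(len(out))          # byte offset of "num 0 obj" for the xref
        out += b"%d 0 obj\n" % num + body + b"\nendobj\n"
    xref_pos = len(out)
    out += b"xref\n0 %d\n0000000000 65535 f \n" % (len(objs) + 1)
    for off in offsets:
        out += b"%010d 00000 n \n" % off
    out += (b"trailer\n<< /Size %d /Root 1 0 R >>\nstartxref\n%d\n%%%%EOF\n"
            % (len(objs) + 1, xref_pos))
    return bytes(out)
```

As the answer says, a visible stamp can still be cropped or retyped away; the tag only helps when the leaked copy keeps it.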