Security & the dangers of rendering PDFs to flash & HTML5
When trying to deliver secure PDF documents to the screen, many different approaches are taken.
The problem to be solved is easily specified – to prevent, as much as possible, the theft of the information being shown on the screen, while retaining as much PDF functionality as possible (indexes, internal and external links, searching, presentation and so on) – solving the problem however is not so easy.
Free 15 Day Trial
Protect PDF files: control use
Stop unauthorized access and sharing
Control use – stop printing, copying, editing, etc.
Lock PDFs to devices, countries, locations
User and PDF expiry, revoke files at any time
PDF Flash Viewer and browser technology
The dangers of using a Flash PDF Viewer to deliver PDF DRM Security
One technique suppliers use is to convert a PDF document into Flash pages, and send those to the client through the browser. The apparently good news is they ‘only’ have to install Flash on the desktop, and they can ‘log in’ with an id/password scheme to get hold of the document, and there is no download.
The bad news gets worse. Unfortunately the native Flash viewer has not proved to be secure. The problems are not new, and Flash users should by now have got used to doing updates consistently (except for the period of time when Adobe code-signing keys were compromised).
But the fact remains that browser plug-ins and mobile apps can open systems to a wide range of vulnerabilities starting off with remote code execution and moving on to windows stored passwords thefts. For those not of a nervous disposition, see the current known Adobe Flash Player vulnerability list.
These kinds of vulnerabilities are not enhanced by the frequent use of JavaScript, which is needed to provide some of the functionality that will be lacking in the Flash system, which has few system interfaces. Text search is an obvious problem. In most Flash systems it is done by searching the underlying source code, or an XML rendition, but neither of these is satisfactory from a security viewpoint. Sending the source kind of defeats the objective?
So although it seems to be a simple implementation, using Flash on its own only creates security problems, and leads to a low functionality result. Trying to improve the functionality makes the security even worse. More of a lose/lose situation.
The next logical step for companies producing flipbooks and requiring a more robust solution was to move to HTML5 for the viewing of ebooks in a browser. This provides all the same interactivity and multimedia support with less of the flash specific security issues.
However, if you want security for your ebooks (stop users sharing ebooks, copying text, printing, etc.) then a browser can only provide a limited amount of control (since no software is installed on the client). If controls have been badly implemented it is relatively easy for users to edit the content in the browser and turn functionality back on – sometimes this is as simple as removing a piece of JavaScript. Even some DRM systems decrypt content on the server (rather than in the browser) making it easier for users to bypass controls.
Many HTML5 Viewers offer basic content protection such as:
HTML5 Viewers try and prevent users downloading content by disabling right-click and the (File→Save As) from the browser menu (File→Save As) but the content is still available on their local disk from the browser cache.
With Safeguard Secure PDF Web Viewer we only deliver encrypted chunks to the browser and each chuck is decrypted on the fly as it is viewed.
Stopping sharing
HTML5 Viewers rely on a username and password login that can be shared with anyone. There is no limit to the number of people that can be logged in at any one time or any location (geoip) controls. So stopping sharing relies on the user not sharing their login credentials with anyone.
Safeguard Web Viewer limits the number of concurrent logins (the default is one user with the same credentials logged on at any one time) and enables you to automatically lock use to specific locations (say the location the user first logged on to the system) so you can be confident that your documents are not being easily shared across the Internet.
Stopping printing
HTML5 Viewers can disable the print options available in a browser. However it is important to test this functionality in all browsers as the JavaScript control (assuming the user has not removed it) may not work in the less commonly used browsers.
Safeguard Web Viewer will stop all printing and fail to load any content if any of the source code is modified.
Flipbook Security
Bad implementations and flipbook security
Apart from the security controls listed above (that are often next to useless), it is important to remember that flipbooks were not invented with security in mind – it was added as an afterthought and is often badly implemented.
For starters, content is not even encrypted. That is why some systems enable you to prevent Google and other search engines from listing your ebooks. So you are relying on access controls working correctly for your ebook protection – this can be rather worrying when some systems can be easily bypassed by removing the login screen by editing the source code in the browser. That is why a good system should also use encryption and extensive code obfuscation. If you have a $3 ebook you may not be too worried, but for a $1000 report a flipbook system would not provide adequate security.
Customer Testimonials
We needed to deliver e-book versions of our handbooks while not compromising on security and digital rights. Safeguard PDF security is easy to use and intuitive.
The implementation was painless and we now have a greener, more secure way of distributing training manuals.
Locklizard’s PDF protection is exactly as described – the features are highly effective and I would give it 5 stars.
I would recommend Locklizard to others - their security is simple to use and fit for purpose. It meets common needs of businesses who have information they want to protect.
We would be happy to recommend Locklizard to any company needing a flexible way to secure PDF files.
Safeguard PDF Security has provided us with a very workable solution for sharing of information in a secure fashion. The support has been excellent and very accommodating.
We can cut accounts for a user five minutes before his class starts and he is ready to go. Happy smiling customer, while we still have security and personalized watermarking.
I have immense respect for the product and Locklizard provide great customer satisfaction and service.
We would recommend Safeguard to other companies for its security, cost and ease of use. It does what we expected it to do and more.
Ease of use is a bonus and the implementation was very easy. The product manual is excellent and Locklizard staff are very accommodating.
We sell a highly valued educational product in an open and competitive market so it was important to ensure we had effective security to protect our digital rights.
We highly recommend Locklizard - a professional company with a competitive and professional PDF Security product.
We would absolutely recommend both Locklizard as a company, and Safeguard PDF Security. It has transformed our study materials to the next level.
Not only did this increase sales, but we also believe that it has increased our customers’ ability to learn, which is even more important!
We would recommend Locklizard Safeguard to other companies that need to protect PDF reports. Customers have found the process of accessing the protected documents to be seamless.
Implementation was easy and technical support has been very responsive to requests for help.
Our company would without reservation recommend Locklizard. Their document DRM software opens up delivery of our new products in a timely fashion while knowing that the content will remain secure.
The return on investment to our company has been immediately evident.
We use Safeguard to make sure that documents cannot be opened outside our local network or from a unauthorized computer in order to copy or print the documents.
It is the most feature rich, affordable, & simple to use PDF security product on the market.
Safeguard PDF Security is simple to administer and meets our needs, consistently delivering secured manuals to our customers with ease.
Return on investment has been elimination of many man hours, printing resources and postage – it is estimated that costs decreased by 50% or more.
We would really recommend Safeguard PDF Security to every publishing company for managing ePubs or e-books securely. It is easy to secure PDF files and simple to distribute them to our authorized customers only.
Locklizard also provides a good customer support experience.
The ROI for us is incalculable. We have the security of knowing that our proprietary documents are secure. This is the entire value of our company.
I would most certainly recommend your PDF security product and already have. The ease of implementation was surprising.
We can now sell our manuals without the need to print them first, saving time, money and helping safeguard the environment.
We would recommend Safeguard PDF DRM – it is the perfect solution to sell and send e-documents securely whilst making sure someone cannot copy them.
We would recommend Locklizard to other companies without hesitation.
Their PDF DRM products provide a manageable, cost effective way to protect intellectual investment and they are always looking for ways to improve them. Moreover, their staff provide an excellent level of support.
Free 15 Day Trial
PDF Flash Viewer and browser technology
PDF and HTML5 Viewer
Stopping downloading
Stopping sharing
Stopping printing
Flipbook Security
ABOUT US
CONTACT
