
Restricting Access to Documents

In some cases you may want to protect HTML5 documents that contain sensitive information from being printed, from having their text copied, or from being viewed.

Protection from Printing

To prevent viewers from printing the converted document, select the Disable Printing checkbox on the Protection tab of the Document Options window before converting the document. This option automatically disables the Print button on the document toolbar and also blocks access to the print function through keyboard shortcuts or the Print2HTML5 Document API.

For programmatic conversion, you can disable printing by setting the PROTDISPRINT flag in the ProtectionOptions property of the Profile object or in the ProtectionOptions parameter of Enhanced Batch Processing.

Protection from Copying Text

To prevent viewers from copying text from the converted document, select the Disable Text Copying By User checkbox on the Protection tab of the Document Options window before converting the document. This option automatically disables the Select Text button on the document toolbar. If you also want to disable text copying through the Print2HTML5 Document API, select the Disable Text Copying With Document API option in the same window.

For programmatic conversion, you can disable text copying by setting the PROTDISTEXTCOPY and PROTDISTEXTCOPYAPI flags in the ProtectionOptions property of the Profile object or in the ProtectionOptions parameter of Enhanced Batch Processing.

Protection from Viewing

Print2HTML5 documents are regular HTML or SVG files that can be downloaded and shown in a web browser. Like any other files, they cannot prevent external software from copying or downloading them. So if a user views a standard Print2HTML5 document in the browser, the document is usually already somewhere on disk, and the user can in principle reopen and view it as many times as they wish. If this is not what you intended, it may be a problem for you. Print2HTML5 provides some means of addressing this problem.

Protection from Storing of Documents in Browser Cache

Web browsers usually store downloaded resources, including Print2HTML5 documents, on disk so that a document can be retrieved faster the next time it is opened. The area where such resources are stored is called the browser cache.

If your intention is to show documents only online in the browser, you may be concerned that documents the user has already viewed are stored on disk. A knowledgeable user can find a document in the cache, retrieve it from there and open it. However, you can prevent caching in the browser by sending these HTTP headers when your web server returns Print2HTML5 documents:

Pragma: no-cache
Cache-Control: no-cache,private,no-store,must-revalidate,max-stale=0,post-check=0,pre-check=0
Expires: Mon, 26 Jul 1997 05:00:00 GMT

These headers make common standards-compliant browsers, such as Internet Explorer or Firefox, not cache the documents.

However, note that there are offline browsers that always cache downloaded files regardless of the headers.
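
One way to check that a response carrying a document still has the headers above in effect, for instance after it has passed through a proxy or CDN. This is an added example, not part of Print2HTML5; the function names and both sample responses are constructed for illustration.

```javascript
// Added example: audit the caching headers of a response that returns a document.
function parseCacheControl(value) {
  // "no-cache,max-stale=0" -> Map { "no-cache" => true, "max-stale" => "0" }
  const directives = new Map();
  for (const part of String(value || "").split(",")) {
    const [name, arg] = part.trim().split("=");
    if (name) directives.set(name.toLowerCase(), arg === undefined ? true : arg);
  }
  return directives;
}

function auditNoCacheHeaders(headers, now = Date.now()) {
  const h = {}; // header names are case-insensitive, so normalise them first
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const cc = parseCacheControl(h["cache-control"]);
  const problems = [];
  for (const required of ["no-store", "no-cache", "private"]) {
    if (!cc.has(required)) problems.push(`Cache-Control lacks ${required}`);
  }
  if (cc.has("public")) problems.push("Cache-Control contains public");
  for (const age of ["max-age", "s-maxage"]) {
    if (parseInt(cc.get(age), 10) > 0) problems.push(`Cache-Control ${age} is positive`);
  }
  if (!/(^|,)\s*no-cache\s*(,|$)/i.test(h["pragma"] || "")) problems.push("Pragma lacks no-cache");
  // Stricter than a browser: an absent or unparsable Expires is reported too.
  const expires = Date.parse(h["expires"] || "");
  if (Number.isNaN(expires) || expires > now) {
    problems.push("Expires is missing, unparsable or in the future");
  }
  return problems;
}

// Constructed samples: the headers from this page, and a response whose
// headers were replaced by a hypothetical caching layer in front of the server.
const asConfigured = {
  "Pragma": "no-cache",
  "Cache-Control": "no-cache,private,no-store,must-revalidate,max-stale=0,post-check=0,pre-check=0",
  "Expires": "Mon, 26 Jul 1997 05:00:00 GMT",
};
const asRewritten = { "cache-control": "public, max-age=3600" };

console.log(auditNoCacheHeaders(asConfigured));
console.log(auditNoCacheHeaders(asRewritten));
```

Run the audit against the headers the browser actually receives, not against the server configuration, since intermediaries can change them.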

Restricting Access to Documents by Domain

You can achieve additional protection by allowing your documents to be viewed only when they are loaded in the browser from your site (domain). If a user stores the document on disk, retrieves it from the disk cache, or uploads it to another web site, this protection technique will not allow the document to be shown. Your documents thus appear to be "linked" to your site, with no possibility of viewing them from other sites or from disk.

To restrict access to documents by domain, specify a list of allowed domains on the Protection tab of the Document Options window. When you then convert documents with Print2HTML5, this list is stored inside the Print2HTML5 documents and used to check whether access to the document should be granted. When a protected document is opened, it checks the domain it has been loaded from and, if that domain matches one of the domains in the allowed list, the document is displayed to the user. Otherwise, the document is not displayed.

For example, if your Print2HTML5 documents are to be served only from your site with the mysite.com domain, add that domain to the allowed domain list. As a result, the documents can be shown only when they are downloaded from this site (from a URL having "mysite.com" in its domain part). If the document is stored on disk or viewed from the disk cache, it will not be shown. If the document is uploaded to another site, it will not be shown from there either.

For programmatic conversion, you can specify the allowed domains list using the RestrictionDomains property of the Profile object or the RestrictionDomains parameter of Enhanced Batch Processing.

Custom Protection

The domain restriction technique is good enough, but documents can still be shown offline in some offline browsers or in other software that can fake the loading domain. For example, suppose an offline browser has cached the document (regardless of the HTTP headers mentioned above) and loads it in a way that makes the document think it is being loaded from the original allowed site it was downloaded from earlier. The document will still be shown, because in such a case it has no way to know that it has been loaded from a cache.

Therefore, the most reliable technique would be to make the document send a request to your web server each time it is opened, asking for permission to display the document. This way your server is in complete control of when and to whom access to your documents is allowed. This requires a custom approach and some implementation on your server (the script that answers viewing permission requests).
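
A sketch of the decision such a server-side permission script could make, covering both "when" (a time window and a view limit) and "to whom" (a per-user grant). This is an added example, not a Print2HTML5 API or the vendor's custom solution; the grant fields, request shape and function names are assumptions, and the sample data is constructed.

```javascript
// Added example: the decision a server-side permission script could make each
// time a document asks whether it may be displayed. All names are assumptions.
function createPermissionService(grants, clock = () => Date.now()) {
  const viewsUsed = new Map(); // JSON key [user, docId] -> views already allowed

  return function decide(request) {
    // `user` must be taken from the server's authenticated session,
    // never from a value the document or browser supplies in the request body.
    const { user, docId } = request || {};
    if (typeof user !== "string" || typeof docId !== "string") {
      return { allow: false, reason: "malformed or unauthenticated request" };
    }
    const grant = grants.find((g) => g.user === user && g.docId === docId);
    if (!grant) return { allow: false, reason: "no grant for this user and document" };

    const now = clock();
    if (now < grant.notBefore || now >= grant.notAfter) {
      return { allow: false, reason: "outside the permitted time window" };
    }
    const key = JSON.stringify([user, docId]);
    const used = viewsUsed.get(key) || 0;
    if (used >= grant.maxViews) return { allow: false, reason: "view limit reached" };

    viewsUsed.set(key, used + 1);
    return { allow: true, reason: "ok", viewsLeft: grant.maxViews - used - 1 };
  };
}

// Constructed sample data: one grant, valid for one hour, two views.
const T0 = Date.UTC(2024, 0, 1, 9, 0, 0);
const sampleGrants = [
  { user: "alice", docId: "report-q1", notBefore: T0, notAfter: T0 + 3600e3, maxViews: 2 },
];

function demo() {
  let now = T0 + 60e3;
  const decide = createPermissionService(sampleGrants, () => now);
  const results = [
    decide({ user: "alice", docId: "report-q1" }), // first view
    decide({ user: "bob", docId: "report-q1" }),   // user without a grant
    decide({ user: "alice", docId: "report-q1" }), // second and last view
    decide({ user: "alice", docId: "report-q1" }), // over the limit
  ];
  now = T0 + 2 * 3600e3; // after the window closes
  results.push(createPermissionService(sampleGrants, () => now)({ user: "alice", docId: "report-q1" }));
  return results.map((r) => `${r.allow ? "allow" : "deny"}: ${r.reason}`);
}
console.log(demo());
```

Every path that is not an explicit grant returns a denial, so a malformed request or a missing record never results in the document being displayed.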

If you are interested in this kind of solution, please contact our support and send us a description of your document protection requirements. We might provide you with a custom solution tailored to your needs.