Preventing download of files while allowing them to be viewed
We have a site with a login area for customers to download documents that the client uploads for them. Got some 'sensitive' documents though that the client is forbidden from making available for download, but are allowed to display in the login area, provided the file can't be downloaded by the user.
Obviously as soon as the information is on screen there are ways of capturing it, but I think as long as there's no file > save (or right click > save as) kind of option possible then it's OK. Better still if the information couldn't even be copy / pasted. Any ideas how something like that could be achieved?
> We have a site with a login area for customers to download documents that the client uploads for them. Got some 'sensitive' documents though that the client is forbidden from making available for download, but are allowed to display in the login area, provided the file can't be downloaded by the user.
Unfortunately, at least if we are to assume that by "file" you really mean "the uploaded content", this is an impossible combination.
It is impossible because, in order to display something that is on the Internet, the computer that is used to display it must first download that data to some sort of local media (even if only into RAM). If the browser can download the data, then a sufficiently motivated user can capture the downloaded stream and store it. 99% of the time it would probably be easier than that; web development debugging tools exist that would make such things relatively easy, even.
As has been pointed out, you can put roadblocks in place. Here are a few ideas:

- Javascript to block right-clicking to bring up a context menu.
- A Flash- or Java-based renderer that does not allow saving.
- A transparent <DIV> element on top of the display element (but depending on specifics that may impact things like navigation within the document).
- Check the HTTP Referer header server-side, and only send the data if it matches what you expect.
- Use HTTPS, perhaps even with a client certificate, to help prevent stream sniffing.
- Render to protected PDFs and only make those PDFs available.
In the end, though, these will be roadblocks. They cannot prevent downloading the content, precisely because the content must be downloaded in some form in order to be displayed. Here are some ideas how a user might be able to circumvent the above measures:

- Javascript to block right-clicking to bring up a context menu: disable Javascript client-side, or use some means of accomplishing the same thing that does not involve using the particular mouse button on the protected elements.
- A Flash- or Java-based renderer that does not allow saving: screenshots of the rendered content at an appropriate magnification, manually or automatically stitched together. Also downloaded data stream sniffing using e.g. a packet sniffer like Wireshark or tcpdump.
- A transparent <DIV> element on top of the display element: using a DOM-modifying extension like Adblock Plus or Firebug to remove or disable the offending element.
- Check the HTTP Referer header server-side, and only send the data if it matches what you expect: use a user agent that allows the referer to be set explicitly on an external request, such as Wget (also works with cookies etc.).
- Use HTTPS, perhaps even with a client certificate, to help prevent stream sniffing: a traditional Man-in-the-Middle attack against the HTTPS stream.
- Render to protected PDFs and only make those PDFs available: use a third-party PDF viewer that does not honor the protection (there are several open-source PDF viewers available that could, if no such thing already exists, probably relatively easily by someone with appropriate knowledge, be adapted to ignore the protection flags).
In the end, you will have to discuss with your customer and find out exactly what their need actually is. Maybe one or a combination of the above will provide sufficient protection. But you'll have to tell them up front: it is not possible to prevent downloading while allowing display, because display implies downloading. Whether this is a problem is another matter that is dependent on the customer's risk analysis in the particular case.
If the documents are PDF files or can be converted to PDF files there are some options to restrict the use of the document, like not being able to print, copy/paste or extract contents from it. You will probably need to buy an application from Adobe or Foxit to create those protected PDFs.
If it's not too complicated, you could make a "screenshot" of it and post that on the page. They can save the image, but not the actual text/content.
Another small trick is placing a transparent div over it, disabling the right click for less tech advanced users.
You could also make a getMeTheFile.php and use that to get the files. In that PHP file, check if you are in the whole of the page, or opened directly (right click -> save would be a direct call).
I don't think you can stop this 100%, only throw up a few roadblocks.
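The server-side roadblock that the first answer lists (Referer check) and the getMeTheFile.php idea in the answer above both come down to one gated handler: confirm the login session, confirm the caller may view that exact document, refuse direct calls, and then send the bytes for inline display with no-store caching so the browser renders them instead of offering a download dialog. The following is an added illustration, not code from this thread, written as a pure Python function over request headers so it runs stand-alone; the host name, session store and document store are constructed placeholders. As the answers point out, the Referer is supplied by the client, so the last check only stops address-bar and "save link as" requests, which the comments below note.

```python
"""Gated 'view only' document endpoint, modelled on the thread's advice.

Added example; the host, sessions and documents below are constructed.
"""
from dataclasses import dataclass, field
from http.cookies import CookieError, SimpleCookie
from urllib.parse import urlparse

# Assumed host of the customer login area (placeholder, not from the thread).
SITE_HOST = "portal.example.com"

# Constructed in-memory session store: session id -> user and the documents
# that user may view inline. A real site would consult its session backend.
SESSIONS = {
    "sess-alice-1": {"user": "alice", "view": {"q3-report.pdf"}},
}

# Constructed document store: bare file name -> (content type, bytes).
DOCUMENTS = {
    "q3-report.pdf": ("application/pdf", b"%PDF-1.4 constructed sample\n"),
}


@dataclass
class Response:
    status: int
    headers: dict = field(default_factory=dict)
    body: bytes = b""


def referer_is_same_site(referer, host=SITE_HOST):
    """Referer roadblock: accept only a Referer pointing at a page on our own
    host over HTTPS. The header is client-supplied, so this stops a typed-in
    URL or 'save link as' but not a user agent that sets it explicitly."""
    if not referer:
        return False
    parsed = urlparse(referer)
    return parsed.scheme == "https" and parsed.netloc == host


def session_from_cookie(cookie_header, sessions=SESSIONS):
    """Resolve the login session named by the request's Cookie header."""
    if not cookie_header:
        return None
    jar = SimpleCookie()
    try:
        jar.load(cookie_header)
    except CookieError:
        return None
    morsel = jar.get("sid")
    return sessions.get(morsel.value) if morsel else None


def serve_document(request_headers, doc_name, documents=DOCUMENTS, sessions=SESSIONS):
    """Decide whether to return doc_name for inline display (the
    getMeTheFile.php idea as a function of the request)."""
    headers = {k.lower(): v for k, v in request_headers.items()}

    # 1. The caller must hold a valid login session.
    session = session_from_cookie(headers.get("cookie"), sessions)
    if session is None:
        return Response(401, {"Content-Type": "text/plain"}, b"login required")

    # 2. The name must be exactly one the session may view. Matching against
    #    an allow-list instead of building a filesystem path also rules out
    #    directory traversal through the name.
    if doc_name not in session["view"] or doc_name not in documents:
        return Response(403, {"Content-Type": "text/plain"}, b"forbidden")

    # 3. The request must come from one of our own pages, not a direct call
    #    (the 'opened directly' case). Bypassable by a forged Referer, so this
    #    is a roadblock, not a control.
    if not referer_is_same_site(headers.get("referer")):
        return Response(403, {"Content-Type": "text/plain"}, b"direct access refused")

    content_type, data = documents[doc_name]
    return Response(200, {
        "Content-Type": content_type,
        # inline: render in the browser rather than offering a download dialog.
        "Content-Disposition": f'inline; filename="{doc_name}"',
        # Keep the bytes out of shared and disk caches once displayed.
        "Cache-Control": "no-store, private",
        "Pragma": "no-cache",
        "X-Content-Type-Options": "nosniff",
    }, data)


if __name__ == "__main__":
    ok = serve_document({"Cookie": "sid=sess-alice-1",
                         "Referer": "https://portal.example.com/docs"}, "q3-report.pdf")
    print(ok.status, ok.headers["Content-Disposition"])
    print(serve_document({"Cookie": "sid=sess-alice-1"}, "q3-report.pdf").status)
```

The three checks are ordered so that the cheap, client-controlled Referer test never substitutes for the session and allow-list checks: a forged Referer with no session still gets 401, and a valid session still cannot name a document outside its allow-list.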