I found the script here for disabling right clicks on images and it work wonderfully, but wanted to know if there was one (or if the current script could be modified) to block PDFs from being copied as well. My coding skills are a little rough since I haven't been "in practice" in years and I'm not even sure if that type of PDF control is within the power of scripting.

This is the script I have for reference sake...

<script language="JavaScript1.2">

/*
Disable right click script II (on images)- By Dynamicdrive.com
For full source, Terms of service, and 100s DTHML scripts
Visit http://www.dynamicdrive.com
*/

var clickmessage="Right click disabled on images"

function disableclick(e) {
if (document.all) {
if (event.button==2||event.button==3) {
if (event.srcElement.tagName=="IMG"){
alert(clickmessage);
return false;
}
}
}
else if (document.layers) {
if (e.which == 3) {
alert(clickmessage);
return false;
}
}
else if (document.getElementById){
if (e.which==3&&e.target.tagName=="IMG"){
alert(clickmessage)
return false
}
}
}

function associateimages(){
for(i=0;i<document.images.length;i++)
document.images[i].onmousedown=disableclick;
}

if (document.all)
document.onmousedown=disableclick
else if (document.getElementById)
document.onmouseup=disableclick
else if (document.layers)
associateimages()
</script>

These are more security through obscurity tbh.

If someone wants to get the images on a page, they can do. Stopping the right click isn't going to stop them. Same with any type of file. The main thing with PDFs, especially viewed online is that they are designed to be clicked.

If you have a single page PDF displayed on your page, you can "mask" it by placing a blank div tag over the top of it using absolute positioning and give it a higher z-index than the PDF. That way, any right clicks will be on the div, not on the PDF object.

This, however, is still only security through obscurity and the .pdf file will still be able to be grabbed by anyone with the smallest knowledge of WPD.

If you are seriously concerned about the security of your PDF, the most secure way to display it would be via a Flash SWF, possibly made bespoke, that takes the file from a secured xml file. The raw.pdf will only be accessible then to people (like me) who enjoy data-mining through XML files.

An extra layer of security may include only having a CLSID key within the XML that relates to a url within the SWF, then you'd need to use an SWF decompiler to grab the url to the file.

I know there is nothing full proof, and the security isn't really a big deal. I just wanted to make it a bit of a nuisance for people to copy stuff. It would cut back or stop the less tech savvy from getting stuff and those are more often the ones using my site. I have my images watermarked as well so even if they get them they'd still have to edit them.

I have heard of the div tag and blank/transparent gif methods, but like you said PDFs were made to be clicked and just rolling over it gives you a save button. I was curious if there was any way to disable that or if it's just entirely out of my hands.

Unfortunately, the only way I know off the top of my head is for ASP.NET. I don't know what language your site is in.

If you are using ASP.NET, you can add the following section to your site's Web.config file:


<location path="/PDFfolder">
<system.web>
<authorization>
<allow roles="PDFROLE"/>
<deny users="*"/>
</authorization>
</system.web>
</location>

I've edited the code so that it should work for embedded objects on the page. This may or may not work.


var clickmessage = "Right click disabled on embedded objects"

function disableclick(e) {
if (document.all) {
if (event.button == 2 || event.button == 3) {
if (event.srcElement.tagName == "OBJECT") {
alert(clickmessage);
return false;
}
}
}
else if (document.layers) {
if (e.which == 3) {
alert(clickmessage);
return false;
}
}
else if (document.getElementById) {
if (e.which == 3 && e.target.tagName == "OBJECT") {
alert(clickmessage)
return false
}
}
}

function associateimages() {
for (i = 0; i < document.getElementsByTagName('OBJECT').length; i++) {
document.getElementsByTagName('OBJECT')[i].onmousedown = disableclick(e);
}
}

if (document.all) {
document.onmousedown = disableclick(e);
} else if (document.getElementById) {
document.onmouseup = disableclick(e);
} else if (document.layers) {
associateimages();
}

I greatly appreciate the help. The "object" code didn't work for me unfortunately and I can't use the ASP.net either

I might just go with the div tags and leave it at that. I have thousands of pictures, but only a couple dozen PDFs to worry about.

P.s. Apache Tech already touched on this, but I feel the need to say a bit more on the topic!

If there is an image on your site, no matter what someone can get it. They could get the original file off of your server, or they could just take a screen shot of it!

If there is a pdf file on your site, you gessed it - someone can get it. If they just want the contents of the file, they could take a screenshot. Alternitivly, they could find the source file for the pdf, or use a grabbing software to do it for them!

The best way to secure your content is -
Watermark all the images/pdfs
Low quality images
Put a warning on the page, advising them to not download your content
I believe there is a google project that scans all the sites they crawl on a regular basis for a keyword (or paragraph) that you provide them, for the purpose of seeing if your content is on other peoples sites. Not sure if it'd work with images though...

If you find someone has taken your content (images/pdfs), contact them and ask them to remove/delete it. Most times this is enough

If someone else is using it on their site and you've contacted them, asking to remove it (but they wont), contact their hosting. Often the host will make them remove that particular object. If none of this works, you could always take them to court, but that is a really extreem measure...


In the end, the best way to keep your data is not to do anything at all!

Most hackers (or to be technically correct; crackers) only do what they do for the challenge. If there's no challenge, they probably wouldn't bother!

If people are downloading your content, just put up a notice asking them to link back to you. It'll show that you made the content and your website may get extra visitors!

I will conclude (wow, that makes it sound like an essay :D) by saying that the internet is made for sharing. If you don't want to share something with the world, don't put it on your site!

Thankyou for listening :D


P.s. If you really want to make your content secure, (the pdfs) invent your own language (similar to pdf) then rewrite the files you want into it. Then in the program you made, write a clause that states that if the file location that they're trying to view isn't (insert list here), don't display the file. Hence, rendering downloading the files useless (unless they decompile the software). :D

Most hackers (or to be technically correct; crackers) only do what they do for the challenge. If there's no challenge, they probably wouldn't bother!

This is true. More than you think.

If I see protected images on a page, I'll make a Greasemonkey script that unlocks them; like with IMDb etc. It's harmless, but it's just the challenge that's the fun bit.

But, to kind of go back on what Key said; the difference between hacking and cracking is more about intention than method. Hackers are in it for the challenge, we'll see a locked door and wonder how to open it; what's on the other side is irrelevent, so long as we can get in. Crackers however, are in it for the gain, they see the locked door and know something they want is on the other side; how they get through the door is irrelevent, so long as they can get in.