Encrypted Pdf is secure - but how do I keep people from stealing my password ?
- From: bruno <bruno (at) lowagie.com>
- Date: Wed, 14 Jun 2006 14:37:03 +0200
java.jago wrote:
>>I don't ever put a password in my source code
>>(except for simple examples). I always use a
>>properties file or something similar.
>>Of course, the problem remains: if your properties
>>file is compromised so is your password.
>>
>>
>
>Actually that's exacly the point - a properties file would give the
>password away even easier.
>
>
We are talking about totally different things.
I am talking about PDF files generated on a server.
These PDF files are encrypted with an owner password.
The owner password never leaves the server.
It is perfectly safe as long as the OS is safe.
>The point is, encrypted pdfs are generated on the user machine - and
>send to a server. The user and nobody in between should be able to open
>the pdf...only the server should be! for that he has to know the
>password - meaning, I need to predefine a password, which will be used
>for pdf encryption! But where do I store this password..?
>
Based on your story I don't see any reason why the
PDF should be encrypted. Don't encrypt the PDF and
do all client-server communication using SSL.
br,
Bruno
_______________________________________________
iText-questions mailing list
iText-questions (at) lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions