Encrypted Pdf is secure - but how do I keep people from stealing my password ?

[bruno <bruno (at) lowagie.com>]

java.jago wrote:

>>If you want to choose the owner password,
>>and you want this password to be used for
>>creating a PDF on the client side, you can
>>only protect this password 'psychologically'.
>>Meaning you can obfuscate it, but a hacker
>>will always be able to retrieve it.
>>    
>>
>
>Thanks,
>
>Actually the program would do everything - the user is not prompted for 
>a password. The pdf should also be save from him!
>
Then why create the PDF at the client side?
Why not create it on the server side?

> That's also a reason 
>why I can't use an unencrypted pdf and SSL - this would the user just to 
>read it from his disk, if he figures out where it is stored.
>  
>
Why do you store the PDF on disk?
Why don't you send it as a stream?

>I believe Zelix Klassmaster encrypts Strings in Java - so 
>"password_Example" becomes "F43Jff§234554"
>
>However - this is just done to distract people who decompile the code 
>and who want to understand what the code is doing by looking at the Strings.
>  
>
That's what I meant with 'psychological' protection.
br,
Bruno


_______________________________________________
iText-questions mailing list
iText-questions (at) lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/itext-questions