PrizmDoc v12.2 - March 9, 2017
Digital Rights Management Configuration

The Viewing Client can be configured to disable UI buttons that will allow an end user to easily duplicate the content of a document.

The following UI buttons can be disabled using configuration options:

Example
Copy Code
// DRM options are controlled through the viewer’s options argument.
var pluginOptions = {
       documentID: viewingSessionId,
       language: languageItems,
       template: htmlTemplates,
       uiElements: {
           download: false,   // hide download button
           copyPaste: false,  // hide select text tool button
           printing: false    // hide print button
       },
   };

$("#myDiv").pccViewer(pluginOptions);

Server-Side DRM

DRM options for the Viewing Client are enforced only in the Viewing Client UI. A skilled end user can manipulate the browser to circumvent the viewer-based DRM enforcement.

Techniques a skilled user can use to circumvent viewer-based DRM enforcement:

  1. Edit the JavaScript run by the browser, which allows them to:
    1. Change the plugin options for DRM.
    2. Directly call the API of the viewer control to print or set the select text tool.
  2. Directly call the server API to download the original document.

Additional security measures can be added using server-side code changes which are listed below:

Document Download

  1. Create a new viewerTemplate.html file that excludes the document download button (data-pcc-download).
    1. Using this technique, the download button will not be available, regardless of the plugin options.    

Copying Text

There are not any server-side techniques to strengthen DRM enforcement of copying text. However, removing the text selection control from the UI will require the user to understand the text selection API in order to enable it on the Viewing Client. The manner in which the product renders svg also makes it nearly impossible to copy text just using a browser’s text selection capability.

Printing

  1. Create a new viewerTemplate.html file that excludes the print button (data-pcc-print="launch").
    1. Using this technique, the print button will not be available, regardless of the plugin options.
  2. Exclude the print template from the configuration object passed to the Viewing Client (pluginOptions.template.print).
    1. This can be controlled by the server-side code that generates the page.
    2. Using this technique, the ViewerControl#print(options) method will be non-functional.

Content Encryption

For an added layer of security, Content Encryption can be enabled to provide an obscured transfer of data from the PrizmDoc Server to the Viewing Client website, preventing unauthorized agents from discerning the content being transmitted. See Enabling Content Encryption for more information.

PrizmDoc is not designed or intended to be a fail-proof DRM system but does provide a few basic security measures to prevent most users from unintentionally accessing content to which they are not authorized.

 

 


©2017. Accusoft Corporation. All Rights Reserved.

Send Feedback