PDF from Domino: Security considerations

When you create PDF documents from your IBM Lotus Notes / Domino content you will most probably need to prevent unauthorised access, restrict sensitive operations, or apply certain permissions. Encryption may also be required to guard against disclosure of sensitive information in the case of loss or theft.

The main goal of any secure PDF approach is to secure PDF files so that they can be distributed amongst trusted recipients reliably, no matter what PDF viewer is used. In this article we’ll take a look at the options available for securing PDF documents. We’ll use our DominoPDF application for Notes to PDF conversion when demonstrating how PDF security can be achieved; however, the same features apply no matter how the PDF is generated.

Secure PDF With Passwords
Passwords give you a quick way to restrict access to opening a PDF document and manipulating its content to people who have the required passwords used to secure the PDF file.
As with any password-based approach, the PDF security relies on the choice of good passwords. By setting a strong password policy in your organisation, such as combining numbers and letters, making passwords 8 or more characters long, not using common dictionary words alone etc., you minimise the risk of passwords being found out or compromised.

With PDF password security, it is possible to specify different passwords to open (Open or User Password) and modify (Permission or Owner Password) a PDF document. You can allow one set of users to open a PDF document, and another set to make unrestricted changes.

Open (or User) Passwords
Open passwords lock your PDF document so only people with the correct password can actually open the file and read the contents.
To set the Open password with DominoPDF, pass the password value to the DoPDF() method using the UserPassword= setting.
Call DoPDF( _
         sURL, _
         sPDF, _
         "UserPassword=secret")

Permission (or Owner) Passwords
Permission passwords lock particular functionality when a user opens the PDF document. For example, you can stop someone copying text from a PDF document or stop them from printing the PDF document to a hard copy.

To set the Permission password with DominoPDF, pass the password value to the DoPDF() method using the OwnerPassword= setting.
' Settings are passed as one semicolon-separated string.
Call DoPDF( _
         sURL, _
         sPDF, _
         "UserPassword=secret;" & _
         "OwnerPassword=secret")

PDF Permissions
When the permission password specified above is used, permission settings can be made to define what a user can or cannot do once they have opened the PDF document.
Below is a list of each permission and how it affects the document and a user's use of it.

PDF Printing Allowed Permission
None: Prohibits all printing.
Low resolution (150 DPI): Allows printing, but only at a low resolution.
High resolution: Allows full printing privileges.

PDF Changes Allowed Permission
None: Prohibits all changes to the document.
Inserting, deleting and rotating pages: Allows the insertion, deletion, and rotation of pages.
Filling in form fields and signing existing signature fields: Prohibits changes to the PDF document, but allows the addition of form data, and digital signatures.
Commenting, filling in form fields and signing existing signature fields: Allows for the addition of comments, form data, and digital signatures.
Any except extracting pages: Allows all changes except for the extraction of pages.

PDF Copying Permission
Off: Prohibits users selecting text or graphical objects, which would allow copying and pasting of content.
On: Enables text and graphics selection and allows extraction of this content.

PDF Text Access For Screen Readers and Visually Impaired Permission
Off: Disallows text to be accessed by screen-reading software for the visually impaired.
On: Allows text to be accessed by screen-reading software for the visually impaired.

Permissions are controlled in DominoPDF by passing the appropriate setting, for example EnablePrinting=True, to the DoPDF() method.

Call DoPDF( _
         sURL, _
         sPDF, _
         "UserPassword=secret;" & _
         "OwnerPassword=secret;" & _
         "Encryption=True;" & _
         "EncryptStrength=128;" & _
         "EnablePrinting=False;" & _
         "EnableCopying=False;" & _
         "EnableEditing=False;" & _
         "EnableAnnotations=False;" & _
         "EnableFields=False;" & _
         "EnableCopyAccess=False;" & _
         "EnableAssemble=False;" & _
         "EnablePrintFull=False")

PDF Encryption
Passwords provide the first level of protection to your PDF document.
Encrypting a PDF document makes the content inside the file incomprehensible or “scrambled” using an algorithm which can only be decoded by the PDF viewer.
If encryption were not applied to the PDF document it could be examined in an external application and the plain text content could be exposed.
To enable encryption in DominoPDF, pass the Encryption=True setting in the DoPDF() method.
Call DoPDF( _
         sURL, _
         sPDF, _
         "UserPassword=secret;" & _
         "OwnerPassword=secret;" & _
         "Encryption=True")

PDF documents typically expose 2 levels of encryption (third-party vendors can provide more options): 40-bit and 128-bit encryption. In terms of what the numbers represent, “40” and “128” bit encryption refer to the size of the key used to encrypt the message. Presently, 40-bit encryption is not considered “strong” security in the cryptographic community and 128-bit encryption provides a significantly greater amount of cryptographic protection than 40-bit encryption.
The level of encryption, 40-bit or 128-bit, is controlled in DominoPDF with the EncryptStrength=40 or EncryptStrength=128 setting.
Call DoPDF( _
         sURL, _
         sPDF, _
         "UserPassword=secret;" & _
         "OwnerPassword=secret;" & _
         "Encryption=True;" & _
         "EncryptStrength=128")
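
One way to confirm that a generated file actually carries the permission and key-strength settings passed to DoPDF(), as an added example that is not part of DominoPDF or the original article: it reads the /Encrypt dictionary in which the PDF format records the key length and permission flags. The pairing of the article's Enable* setting names with PDF permission bits is an assumption, the function names are hypothetical, and the sample bytes are constructed.

```python
import re

# 1-based bit positions in the /P entry of a PDF /Encrypt dictionary.
# Pairing each bit with a DominoPDF setting name is an assumption of this example.
PERMISSION_BITS = {
    "EnablePrinting": 3,     # print
    "EnableEditing": 4,      # modify contents
    "EnableCopying": 5,      # copy or extract text and graphics
    "EnableAnnotations": 6,  # add or modify annotations
    "EnableFields": 9,       # fill in form fields
    "EnableCopyAccess": 10,  # extract text for accessibility
    "EnableAssemble": 11,    # insert, delete and rotate pages
    "EnablePrintFull": 12,   # high-resolution printing
}

def _int_entry(body, key, default=None):
    m = re.search(rb"/" + key + rb"\s+(-?\d+)", body)
    return int(m.group(1)) if m else default

def audit_encryption(pdf_bytes):
    """Regex scan (not a full PDF parser): return None if the file has no
    /Encrypt entry, else the key size and decoded permission flags."""
    ref = re.search(rb"/Encrypt\s+(\d+)\s+(\d+)\s+R", pdf_bytes)
    if ref:
        obj = re.search(rb"(?<!\d)%s\s+%s\s+obj(.*?)endobj" % ref.groups(), pdf_bytes, re.S)
        if not obj:
            raise ValueError("encryption dictionary object not found")
        body = obj.group(1)
    else:
        inline = re.search(rb"/Encrypt\s*<<(.*?)>>", pdf_bytes, re.S)
        if not inline:
            return None
        body = inline.group(1)
    version = _int_entry(body, b"V", 0)
    # Covers /V 1 (always 40-bit) and /V 2 (/Length, default 40): the article's two cases.
    key_bits = 40 if version == 1 else _int_entry(body, b"Length", 40)
    p = _int_entry(body, b"P", 0) & 0xFFFFFFFF  # /P is a signed 32-bit value
    perms = {name: bool(p >> (bit - 1) & 1) for name, bit in PERMISSION_BITS.items()}
    return {"key_bits": key_bits, "weak_key": key_bits < 128, "permissions": perms}

def mismatches(findings, requested):
    """Settings whose value in the PDF differs from what was passed to DoPDF()."""
    return sorted(k for k, v in requested.items() if findings["permissions"][k] != v)

# Constructed samples: only the parts of a PDF that this check reads.
SAMPLE_128 = (b"%PDF-1.4\n7 0 obj\n<< /Filter /Standard /V 2 /R 3 /Length 128 "
              b"/P -3904 /O <00> /U <00> >>\nendobj\ntrailer\n<< /Encrypt 7 0 R >>\n")
SAMPLE_40 = (b"%PDF-1.3\n7 0 obj\n<< /Filter /Standard /V 1 /R 2 /P -3900 "
             b"/O <00> /U <00> >>\nendobj\ntrailer\n<< /Encrypt 7 0 R >>\n")
```

Run it over the file DoPDF() wrote before distribution: a `weak_key` result, a non-empty `mismatches` list, or `None` means the file does not match the settings that were requested.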

Summary
By taking the necessary steps to secure your converted IBM Lotus Notes content before it leaves the safety of your database you can ensure sensitive and confidential information remains secure. DominoPDF can be used to convert your IBM Lotus Notes / Domino content to PDF and secure the PDF document for distribution.

== Cheers ==

About msetyadi

I am an IT Strategic