> Gbenga Bello wrote: > =============== > My concern with this is that; consider that this was a > confidential document, that means that somebody can make away > with a copy for dubious purpose. > I feel that at the time when u open such a document from the > server, the user should not have access to the SaveAs menu or it > should be disabled at that time for reasons of security. > This is what I meant by the statement "This means that an > unauthorized user can steal the document by just saving it on the > local drive". > I hope you got the gist! > Does my thinking make sense? > I need you to comment on this and then extend the slide webdav > capability to disable the saveas menu when a document is opened > for editting (if this does not exist be4). This I think, will > increase the security of the document on the server. >
I've had to support locking down documents in an ECM application for legal documents. Sounds you have similar requirements. As far as I know, nothing is going to stop a user from using the client's (Word's) capabilities to re-disseminate the document. Even if "Save As" were disabled, there is also the File->"Send To..." option to deal with. Additionally, a user can simply cut and paste the entire document contents into a new document. A user with a PDF print driver can print to PDF and re-disseminate. The user could print a paper copy and fax it. A user could also screenshot the document contents as well even if all else were locked-down. In our application we went with a proprietary vendor's document viewer; http://www.net-it.com since their viewer has options to disable printing, disable copy/paste, a disable download of the original as viewer parameters. Another technology we looked at was Macromedia's "flash paper"; http://www.macromedia.com/software/contribute/productinfo/flashpaper/ IMHO - a user that is given permission to view a sensitive document must be a trusted person who will not jeopardize your organizations security. Setting clear expectations, code-of-conduct, and letting the user know the ramifications of breaking those rules is the real issue. Technology solutions can make it much more difficult for users to "steal" documents, but in the end it is not a problem that can entirely be solved with technology as far as I know. I think the base issue you present is different from what Slide is intended to address - document storage, protocols to access that storage, and security around that access mechanism. But not the security of how client applications handle the retrieved data. I'm no Slide expert either, so anyone feel free to jump in and correct me if I'm off base here. Hope that helps. -TR PS> Our approach was just one means - which is to use a specialized client/viewer to access the document. That was 4 or 5 years ago. Only recently did we revisit the design when "Flash paper" was introduced, but decided the existing solution was fine and no gain would be made by changing it. Another example solution - I vaguely recall some company's product that would only allow a logged in network/domain user to open documents...if the user opening the document was not a privileged user according to the document's metadata then the document wouldn't display (probably done with a macro in the document I'd think.) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
