This is fine if you assume everyone is using Adobe Reader or some other
program which cooperates with the rules. However, PDF is a known/open
format, and there are a number of Open Source PDF readers (such as
Xpdf), especially for Linux/*BSD. Even if the released versions of these
programs follow the rules, I can get the source code and change it to
ignore the "read-only" bits (yes, I'm a programmer, but there are a lot
of us out here who are), or just write a little utility to unprotect the
file and then use a regular PDF program on the altered file.
Bottom line: for ANY file, if I know where the protect bits are, I can
write a program to turn them off.
Jim Hartley
rob clement wrote:
Drew Jensen wrote:
Alan Boba wrote:
On 10/28/07, Drew Jensen <[EMAIL PROTECTED]> wrote:
Alan Boba wrote:
On 10/28/07, Drew Jensen <[EMAIL PROTECTED]> wrote:
Mathias Bauer wrote:
Alan Boba wrote:
On 10/24/07, Mathias Bauer <[EMAIL PROTECTED]> wrote:
You can't enforce "read only" behavior in an open file format. If
somebody wanted to change your file he just can do it on the level
of
the xml streams inside the package. So such a feature is
pointless.
And if the file format is open, everybody can
change the file and so circumvent its logical "read-only" state.
You are not actually saying then that the whole idea of Document
Rights
Management is impossible to implement in a Open Document Format, are
you?
Nope, Mathias is saying read only can't be enforced with or without a
password in an open document format. The document content can
always be
changed by altering the file directly rather than using the UI, since
the
file's contents aren't in a proprietary binary format.
So what is being said is this maybe.
The concept of Document Rights Management, when the file format is
Open,
is dependent on the producers maintaining control over distribution of
physical copies of the file. It is not manifest within the file itself.
I don't believe so. What's being said is 'read only' as many people
experience in Word can't be enforced because of the open document
format.
However the ability to know whether a document is changed can be
enforced
through the use of signing. It's just that signing isn't intuitively
understood by the average user and, IMHO, the way it's implemented in
OOo
won't give the average user the sense that they can know whether the
document they've distributed has been changed.
For example Alan creates and signs a document and sends it to Drew.
Alan's
note to Drew says here's the file, you shouldn't change it, I've
signed it
so if you do make changes it will no longer be signed and I'll be
able to
show it's not the file I originally sent.
This is different than read only in Word. If the recipient knows the
password used to make the file 'read only' they can change it to their
hearts content and redistribute with changes. Someone knowing the
password
is not that uncommon because many people don't create different
passwords
for different documents (imagine the password management headaches).
So a
password becomes commonly used throughout an office and using read
only is
really just a flag to the recipient that says 'hey I don't want you to
change this!'
Thank you - I had not thought to look at the issue of signing the
document and how that would play into it.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Ok
I think we started with the idea of exporting to PDF. I think this needs
to be looked at again. In the export to PDF within OOo we have a
security tab. If you select the "restrict permission options" and set a
permissions password you can select to have the document that "changes
are not permitted" and unselect the "enable copying of content"
I think that the resultant PDF could then be read by anyone, would not
allow changes and would not allow copying. Will this not meet the
original request?
I hope you will let me know if there are any flaws in my logic.
--
Teen Angel - a ghost story - http://teenangel.netfirms.com
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
