[1651] in WWW Security List Archive
Re: preventing downloading
daemon@ATHENA.MIT.EDU (Charlie Kaufman/Iris)
Thu Mar 14 22:35:49 1996
To: matt jackson <mattj@indiana.edu>
Cc: Www-Security <Www-Security@ns2.rutgers.edu>
From: Charlie Kaufman/Iris <Charlie_Kaufman/Iris.IRIS@iris.com>
Date: 14 Mar 96 19:28:52 EDT
Errors-To: owner-www-security@ns2.rutgers.edu
>Is it possible to create a Web site where users can view documents but
>they cannot download or print anything without authorization?
The short answer is 'no'.
The long answer is that any such controls would have to be enforced by the
client software the user is running rather than the server software. Once the
data is in your machine, it's your machine that decides what you're allowed to
do with it. MLS (Multi-Level Secure) workstations are designed with this sort
of functionality in mind - they can allow a user to look at data but keeps
control of what users can do with it. To have enforcement really work, it has
to be implemented in the operating system, best if there's support in the
applications as well. Some "proprietary" applications make half hearted
attempts to make this work without operating system support. Lotus Notes, for
example, allows the owner of a document to mark it as not copyable and then
users can look at it but can't extract it to a file, print it, or copy any part
to the clipboard. It doesn't suppress "print screen", however, and for the
clever there are other ways of getting around it. PGP messages similarly can
contain a flag that prevents unmodified PGP software from copying the cleartext
to a file - it can only be displayed.
I don't believe there is any defined flag in Web documents expressing the
intent that the information not be saveable. That would not be hard to add, and
it should probably be there. But enforcement is entirely at the discretion of
the browser. It should not be thought of as a security feature, but rather as
something that prevents a user from saving the information accidentally - say -
in violation of copyright. An enforcement technique could be good enough that a
user could not plausibly claim that he did not intend to break any rules.
--Charlie Kaufman
(charlie_kaufman@iris.com)
