PDF Security Software

Here we shall discuss the means of protecting information on web pages. Web data, whether it be accounting records or privileged information, can be stored in databases and delivered dynamically or it can stored in static files. Either way, it needs to be displayed in a custom viewer or web browser via web pages from a web site.

The Simplest Form Of Protection

The simplest form of protection for web data is password protection where privileged users can use a username/password combination for access to pages that display the information that they seek. Commonly used examples of password protected web sites are those that use a Content Management System (CMS) like Drupal, Joomla, Moodle or WordPress. Each of those CMS can use additional add-ons that can be installed to enhance member controls and different levels of access to restricted parts of the web site. The CMS mentioned here are the most popular ones because they are free and easy for almost anyone to install. Larger entities often use custom developed CMS for enhanced security (more on that later).

These CMS use a database to store all information displayed on the web site. When an item is requested the information is drawn from the database and displayed dynamically, filling the appropriately suited template. Access to the database and its records are protected by password only known to the code behind the web pages. Thus the information and data stored in the database can be limited to view by logged in users only.

Effectiveness of Data Security

Password protection can restrict access to the page displaying the information, but the information (data) sent from the server to the user's computer can be intercepted by using packet-sniffing software if they are on the same network. That means that anyone on the network as the server can trace data sent from the server and anyone on the user's network can intercept data being received. That is, unless the data is encrypted. However the data sent between a CMS and the user's browser is not usually encrypted. Using SSL on the website and requiring that all page requests use HTTPS provides a means of encrypting web data that can prevent usernames and password from being intercepted. However SSL has been circumvented in the past and today all web browsers raise an alarms if Transport Layer Security (TLS). TLS is the successor to SSL and uses stronger encryption, ie: a combination of symmetric and asymmetric cryptography using the user's session ID for decryption key.

While that may sound like a secure solution, that is not all that can be done. Modern web browsers cache everything that they download and that means that they save everything to a temporary folder before displaying it. Data can be retrieved from browser cache.

Enhancing Data Security

To properly secure web data encryption is needed between the web server and the user's web browser so that should packets be intercepted, that they cannot be deciphered. To create a secure tunnel between server and web browser, software needs to be installed on the server to encrypt the http requests before being sent to the browser. There are many solutions that a secure tunnel but that data can be viewed in normal web browsers then it can be exploited. Unless of course a browser plugin is used to decrypt proprietarily encrypted data for display in the browser. But again, popular web browsers are not designed to protect web content in any way, so whatever is downloaded can be retrieved from cache or memory.

So the best alternative is to use a secure tunnel that uses proprietary encryption (not open source) and ensure that the data is secure on both ends, on the web server and in the web browser, and the best way to do that is to use a proprietary web browser, one properly designed to cater for data protection and not provide easy methods for copy, print, and save of the web content.

The only server and browser solution that fits that will effectively protect data from all avenues and also provide copy protection of the web content while on display is the ArtistScope Site Protection System (ASPS) which uses the ArtisBrowser.

Author: William Kent
Date: 29th June 2019

Return to DRM and Copy Protection


No comments

 To post a comment, please complete all fields and submit: 
Your Name:
Your Company:
Your Email:
Your Comment:
Security code: