3

I am looking to include a document viewer in my CakePHP application for uploaded docs. I want a viewer that supports Microsoft Word (.DOC and .DOCX), Microsoft PowerPoint (.PPT and .PPTX) and Adobe Portable Document Format (.PDF).

I want my users to be able to view the documents, but not download it. Google document viewer is great, but users can just plug the URL into the address bar and download the document.

Is there anyway I can share my docs with users just as readable docs?

KatieK
  • 13,586
  • 17
  • 76
  • 90
Ivanka T
  • 109
  • 3
  • 9

2 Answers2

5

First you must understand that when the user's browser displays some file/content, it is already on the user's machine. It has been downloaded already. There is no magic "the content stays on the server, but the user can see it". Data are always transferred from the server to the user, and the user can make the data stay on his machine - one way or another.

If you understood this, you have several options:

  • You do not care about the user having the file. This is the most sane option. All other methods are some sort of "DRM" which users hate.
  • Transfer the data the user shall see to the browser only:
    • generate an image of the part of the document the user is looking at and send that to the browser. The user has no text data and needs to do many requests to get all of the document downloaded.
    • write a browser plugin (java, flash, javascript) that reads encrypted documents from the server, unencrypts them (again, on the user's machine - which means he can peek into it) and displays it. This way, the user doesn't simply get the document but needs to decrypt it.

There are existing solutions, i.e. embedding slideshare presentations with disabled download option. Don't try to invent your own, especially not if you don't want to go the long way with support and continuous enhancements.

cweiske
  • 30,033
  • 14
  • 133
  • 194
1

I stick with the following guidelines using google document viewer.

  • Generate the random URL address everytime for the document (using server side scripting and htaccess. I am using PHP & htaccess). This will not give anyone direct access to the file.
  • Encode the time and date (by using any server string encoding script) with the URL so that file could be accessed only for certain time (let's say 5 minutes)
  • Output file only by matching Google Document Viewer User Agent. This will only give Google Document Viewer access to that file but no one else, even if they type that address in browser.

This is still not a very secure way but does the trick for me.

Peter O.
  • 32,158
  • 14
  • 82
  • 96
Omer
  • 11
  • 1