Secure Documents

In order for Google Viewer (the basis of GDE) to function, Google needs access to your source documents to translate them into images and present them in the viewer. The URL of the original document appears then (perhaps in some encoded way) in the browser’s address bar, as well as in the source code of the page. What if you want your document’s location to be hidden?

You can “obscure” the location of downloadable documents using the “Shorten URL” option. But in order to truly block downloads of your embedded files, you’ll need to use the secure document feature of GDE 2.5+ and the Enhanced Viewer. With this option selected, the true location of the file is known only to Google Viewer (and you).

Enable Secure Document support

The option to “block all download requests for file” appears on the settings page (either on the General tab for the default profile, or the Profile Edit screen for others) only if your other settings allow documents to be protected. Because this combination of settings can be a bit confusing, GDE 2.5+ includes a “max-doc-security” profile that you can use to automatically hide the location of sensitive documents. For reference, here is the combination necessary:

  • Set “Download Link” option to None.
  • Do any one of the following:
    • Remove the toolbar completely
    • Hide the Full Screen/New Window button
    • Change the Full Screen Behavior to¬†Full Screen Viewer

Also note that if you “Allow Printing,” the document may be saved locally in order to print, which kind of defeats the purpose, I would say. But you can still allow this if you wish.

How does it work?

The true location of your document is stored in the WordPress database automatically with a unique code. That code is encrypted in a special URL that allows Google and WordPress access to it, but no one else. If the user manages to decrypt the document URL, they will still be blocked from direct access to download the file.

Is it 100% secure?

This setting is designed to block downloads for the vast majority of users, even those with a bit of technical knowledge. Unfortunately because Google must access the document for conversion, there is no 100% secure method, but this feature is a marked improvement over simply masking the URL as in GDE versions prior to 2.5.

The Secure Documents feature should be used in conjunction with other web site security to hide the file, including the discouragement of search engines to the directory where the files are stored (such as via robots.txt) and .htaccess or similar measures to prevent listing directories on your web server. However, you cannot store the documents in password-protected directories, as Google would not be able to access them either and conversion won’t be possible.

Are there other ways to secure my documents?

It is possible for an advanced user to protect their files from direct download using their .htaccess file, while still including rules that allow Google Viewer to access them for conversion and display in the viewer. This is largely left as an exercise for the reader, but if you need to protect your documents in this way please use the Support section of the GDE Settings area and I can give you a few pointers or some (not tested in every context) starting rules to try.

One Response

  1. Wordpress Tips 22: How to embed documents in the post | Cathay Centuries

    […] the document can be effectively private to everyone but the viewer itself. You can also try the Secure Documents feature for more robust document […]

Leave a Reply