In order for Google Viewer (the basis of GDE) to function, Google needs access to your source documents to translate them into images and present them in the viewer. The URL of the original document appears then (perhaps in some encoded way) in the browser’s address bar, as well as in the source code of the page. What if you want your document’s location to be hidden?
You can “obscure” the location of downloadable documents using the “Shorten URL” option. But in order to truly block downloads of your embedded files, you’ll need to use the secure document feature of GDE 2.5+ and the Enhanced Viewer. With this option selected, the true location of the file is known only to Google Viewer (and you).
Enable Secure Document support
The option to “block all download requests for file” appears on the settings page (either on the General tab for the default profile, or the Profile Edit screen for others) only if your other settings allow documents to be protected. Because this combination of settings can be a bit confusing, GDE 2.5+ includes a “max-doc-security” profile that you can use to automatically hide the location of sensitive documents. For reference, here is the combination necessary:
- Set “Download Link” option to None.
- Do any one of the following:
- Remove the toolbar completely
- Hide the Full Screen/New Window button
- Change the Full Screen Behavior to Full Screen Viewer
Also note that if you “Allow Printing,” the document may be saved locally in order to print, which kind of defeats the purpose, I would say. But you can still allow this if you wish.
How does it work?
The true location of your document is stored in the WordPress database automatically with a unique code. That code is encrypted in a special URL that allows Google and WordPress access to it, but no one else. If the user manages to decrypt the document URL, they will still be blocked from direct access to download the file.
Is it 100% secure?
This setting is designed to block downloads for the vast majority of users, even those with a bit of technical knowledge. Unfortunately because Google must access the document for conversion, there is no 100% secure method, but this feature is a marked improvement over simply masking the URL as in GDE versions prior to 2.5.
The Secure Documents feature should be used in conjunction with other web site security to hide the file, including the discouragement of search engines to the directory where the files are stored (such as via robots.txt) and .htaccess or similar measures to prevent listing directories on your web server. However, you cannot store the documents in password-protected directories, as Google would not be able to access them either and conversion won’t be possible.