One thing that I appreciate about Activ E-Book is how it permits javascript to be used. In order to allow this functionality it needs to create a temp directory, which it deletes when the user closes the ebook.
My question is how secure are the files in the temp directory when the e-book is open?
Let's say that a user has free access to the first three chapters, then is expected to pay for the remainder of the book. Is it possible for a non-paying user to snoop around in the temp directory while the e-book is open and read the chapters that he is supposed to pay to read? Or are the locked pages somehow encrypted so even if he was able to locate the files he would be unable to read them?
Thanks for your help.
Posted on: 6:42 am on April 19, 2004
EBookCompiler
There are quite a few variations
4.0x and earlier: - The HTML pages the user is permitted to see will be there - The HTML pages the user is not permitted to see will be only contain the same info as "This page is password protected" type page
4.2x and later - depends on HTML Protection in Advanced Security
Low Security setting - same as 4.0x and earlier
High Security setting - the HTML pages in the temp folder are encoded, differently each time. So they won't be able to be viewed in a browser.
Posted on: 3:29 pm on April 20, 2004
Storyman
Thanks for the reply.
Just to be sure I've got a handle on this. Every time the e-book is opened and the security setting is set to high the files are stored in a temp directory with an unique encoding each time.
What advantage is there to using a low security setting? Is there a noticeable performance hit when using the high security setting due to the extra cycles required to encode/decode the material?
Richard
Posted on: 7:00 pm on April 20, 2004
EBookCompiler
yes I think your understanding is right
I have never noticed any speed difference between High and Low Security.
The Low Security option is supported because some people write scripts etc., which depend on there being HTML files
Posted on: 7:57 pm on April 21, 2004
Storyman
Whoa, now I'm confused.
You wrote:
"The Low Security option is supported because some people write scripts etc., which depend on there being HTML files."
Please explain what you mean by scripts that depend on HTML files. I'll be using HTML extensively and most likely it will be set within Frames. Is this going to be a problem if I use the higher security setting?
What sort of things am I prevented from doing if I use HTML?
Posted on: 9:51 pm on April 21, 2004
EBookCompiler
Nearly always High Security is not a problem
Some people write scripts which depend on their being an actual unencrypted HTML file on the disk. For example using the ebookcompiler API or scripts, you can actually open a file and read it into memory or something
Another case where you might want Low Security if you want to open one of your ebook pages outside of the ebook into a separate external Internet Explorer browser window. Internet Explorer doesn't know about our High Security option, so in this, you need to use Low Security
Posted on: 8:43 am on April 22, 2004
Storyman
I've got to say that your support for Activ e-Book is phenomenal and greatly appreciated.
Thanks again,
Richard
Posted on: 8:53 am on April 22, 2004
paulg
Although the html gets encrypted, there could be other embedded files such as images or multimedia files that one might wish to protect.
Using the {ebook} variable in ActivScript, it is possible to locate and over-write these files with null data when the e-book is exited, (is there a better way - ie is there a delete method?**) but I'm also trying to find a way of decrypting a non-html file 'on the fly' when the page that references it is activated.
Anyone got any ideas?
** I've just discovered that 4.22 tidies up after itself and deletes the temp files anyway!
(Edited by paulg at 11:21 am on May 15, 2004)
Posted on: 11:02 am on May 15, 2004
bigbook
I include an XLS file in my ebook. While the HTML files are encrypted in the temp directory, this file is not. Anyone who opens my book can get my XLS file without paying.
How can I protect my XLS file?
Posted on: 9:15 pm on January 22, 2005
paulg
I too have an xls file associated with my ebook. I use VBA to check that the password for the ebook has been entered, only then it can run. I also embed a 'self destruct' code so that if a user wants a refund for any reason, he has to apply a routine that sets a series of hidden flags that the VBA checks - once these are set, it returns a validation code so that I know the refund is safe and the program won't work any more.
Such is the power of Activ!
Posted on: 12:07 am on January 23, 2005
bigbook
That's great. But I also have some other files, like PPT, DOC and Microsoft Project.
You post has given me hope.
Posted on: 12:10 am on January 23, 2005
Storyman
PaulG,
Is there any chance that you'll be selling your VBA coding?
Posted on: 12:13 am on January 23, 2005
paulg
If it's MS Office based, then VBA can be used to test the variables that Activ sets, together with any custom cookie-like settings that are made using Activ script. It's not foolproof by any stretch of the imagination, but it will be OK for 99% of the time.
I don't want to publish exactly how I have done it, but rest assured it aint rocket science! Feel free to contact me if you want to discuss in more detail.
With any business, it is up to the individual owner of said business to ensure the success of the business. You may make more or less than any sample figures or results that might be quoted on our web sites or other publications. All business involves risk, and many businesses do not succeed. Further, Answers 2000 Limited does NOT represent that any particular individual or business is typical, or that any results or experiences achieved by any particular individual/business is necessarily typical.
Disclosure:
Our company's websites' content (including this website's content) includes advertisements for
our own company's websites, products, and services,
and for other organization's websites, products, and services.
In the case of links to other organization's websites,
our company may receive a payment, (1) if you purchase products or services,
or (2) if you sign-up for third party offers, after following links from this website.
Unless specifically otherwise stated, information about other organization's products and services,
is based on information provided by that organization,
the product/service vendor, and/or publicly available information - and should
not be taken to mean that we have used the product/service in question.
Additionally, our company's websites contain some adverts which we are paid
to display, but whose content is not selected by us, such as Google AdSense ads. For more
detailed information, please see Advertising/Endorsements Disclosures
Our sites use cookies, some of which may already be set on your computer. Use of our site
constitutes consent for this. For details, please see Privacy.
Click privacy for information about our company's privacy, data collection and data retention policies, and your rights.
