Hello,
Is it possible to export excel file to password protected pdf?
TIA and best regards
Branko
Hi,
Sadly we currently don't support encrypted pdf files.
Anything new?
Encrypted pdfs is not something we have in our middle term plans, even if all plans can change. But right now, it doesn't seem to be a very requested feature, so it is not on our roadmap.
Sorry about that, and I understand that for some users encrypted pdfs are important, but there are infinite things to implement, and we need to have some limits.
About encryption itself, there are 2 different requests that it might refer to:
1)Full file encryption, so you need a password to open the file. This is something that could be implemented, but it might affect negatively the performance of normal not encrypted files so it should be done with care. But as said, we haven't seen much demand for encrypted pdfs as to justify all the development effort involved.
2)Pdf "Protections" ("do not print" or "do not allow copy an paste", etc) . This is more commonly requested than encrypted pdfs, but the main issue is that as the pdf reader has to be able to read and show the file, all protections are fake. All data is there and available, or the pdf reader couldn't show it, so the only thing you need is some reader which will not honor the protections. Decades ago the "security by obscurity" provided by this could have been enough, but today a 5 sec google search can tell you how to unprotect a "protected" pdf. If you really want to have a pdf that can't be modified, you should sign it (and FlexCel can sign pdf files). By signing the pdf, people can still modify it, but the modified files will have either an invalid signature or a signature not signed by you. That is the only real protection that can be implemented, all the others can be defeated with a google search, and just give a false sense of security.
Easiest thing to do is just to use ITextSharp and then you can do your password protection and almost anything else you want to do :)
Regards
Trevor,
While I agree that using another product () to add protections is the easiest thing to do, I don't think it is the correct thing to do. The "protection" will be as useless if it is added by a third party, as it would be if we added it ourselves.
The reason I emphasize on this is because (as you might know) my focus is always in helping the customers to find the best solution for their problems, and that means understanding the problem and looking for the best approach to solve it, even if that is not the approach the user originally suggested or wanted to do.
This doesn't mean we don't code a lot of features I personally consider not useful: Ultimately the decision on what approach to follow lies our users, and we will do what is in our hand to help them do it. It is not we having a "holier than thou" attitude and telling you what solution you should use, but just we letting you know that this particular feature is not likely to be implemented in middle term because there are more requested ones, and also letting you know that the solution is not really a solution and that there are real solutions to this problem like pdf signing.
And I can understand that someone might think that their users are smart enough to use Acrobat to modify a pdf, but not smart enough to google "unlock pdf file" to unprotect it first, so if we had the resources, we would implement it. We are not opposed to it on religious grounds.
About this particular case, we followed the discussion by email, and they are trying with PDF signing. Sadly there were some missing bits in the Delphi implementation of pdf signing, which I have already finished, and I hope to send them a modified FlexCel version by friday when I am back home.
I was actually right now writing a "tips and tricks" post telling you why you should sign your pdf files, so that is why I am expanding on the topic here. But don't get it backwards: It is not that I recommend to sign instead of protecting because we support pdf signing and not protection. If anything it is the other way around: We support pdf signing because it is a serious solution that can't be defeated not by a 5 sec google search but also not by the NSA working full time during months either, while pdf protection does nothing but give you a false sense of security so it is lower in the list of stuff to implement.
In my view, if you are giving documents to the public that can be used as proof of anything, they should be signed, and probably be PDF/A too. (and note that PDF/A forbids encryption, so you can't use the protections in PDF/A). But nobody seems to be signing their pdfs (I just got some pdfs from my government and they aren't signed, meaning I can't use them as proof of anything). So I will keep in my quest to spread the needing for signing :) But again, that doesn't mean that I have any religious opposition to PDF "protection" and would implement it if we had the resources. It is just that I want people to know that signing is a real solution based in sound asymmetric cryptography and pdf protection is a hack that relies in people not knowing how to use google. Not everybody is aware of that, and some people might think that PDF protections are actually secure. More about that in the "tips and tricks" I am writing.
()In this case, as this is the delphi forum probably iTextSharp is not the best option as it would require .NET, but I am sure there are equivalent components for delphi.
Hi Adrian,
Certainly take your point there...and yes I do agree with you on the security. I also know that when I receive my bank/credit card statements, they are also only protected with a very basic level of protection...and the password is not a very difficult password to crack.
My apologies on posting this into the delphi forum...i totally did not see that at the top :| As I recall (from my VCL days) there were 'similar' types of products that were/are available for Delphi.
I would definitely agree that you do put in a stellar effort to make sure that the very best solution is delivered. But we (as service/product providers) are sometimes put into the situation of having to deliver something that works/looks like what the customer is wanting...so using some other 3rd party solution, may just be the most pragmatic way of getting the job done.