I need to protect a set of PDF files that will be exposed to users on a webpage. PDF should only be readable, no other permission should be possible.
Using pdftk I have created "secured" PDF which I have tested both in various browsers. So far so good.
pdftk input.pdf output protected.pdf owner_pw <PASSWORD_GOES_HERE>
But a colleague of mine pointed me a way which with Ghostscript 8.70 it is possible to remove the protection:
ghostscript -dNOPAUSE -dBATCH -sDEVICE=pdfwrite -sOutputFile=unprotected.pdf -c .setpdfwrite -f protected.pdf
Does this means that Ghostcript does not honor security permissions?
I wanted to try signing with a certificate, but I've seen that this can also be circumvented: http://ronin-group.org/misc_pdfsignatures.html
How to genuinely protect the content from PDF from users when serving them in web pages?
"How to genuinely protect the content from PDF from users when serving them in web pages?"
You cannot.