On 15 Mar 2013, at 13:11, "Dale H. Cook" <webmaster@xxxxxxxxxxxxxxxxxx> wrote: > At 09:44 PM 3/14/2013, tamouse mailing lists wrote: > >> If you are delivering files to a (human) user via their browser, by whatever mechanism, that means someone can write a script to scrape them. > > That script, however, would have to be running on my host system in order to access the script which actually delivers the file, as the latter script is located outside of the web root. If a browser can get at it then a spider can get at it. All this talk of the web root is daft. Unless your site is being specifically targeted (highly unlikely) then it automated systems that are downloading your content and offering it on other websites. The only way such a system can discover content is if it's linked from somewhere. Whether that link uses a script that inside or outside the web root is completely irrelevant. Since copies of the content is now out there, anything you add now to protect your content is not going to get it back. You'll have to pursue legal avenues to prevent it being made available, and that's usually prohibitively expensive. Based on your description of your users, you have the age-old dilemma of balancing ease of use and security. The more you try to protect the content from these spiders the harder you'll make it for users. Here's what I'd do: make sure your details and your website info are plastered across every page of the PDF files. Make sure that where copies exist it's going to be obvious where the content came from. It sounds like you don't charge for the content (this problem wouldn't exist if you did), so you have nothing financial to gain from controlling these external copies, other than wanting it to be clear from whence it came and where to find more. At the end of the day the question is this: would you rather control access to your creation (in which case charge a nominal fee for it), or would you prefer that it (and your name/cause) gets in to as many hands as possible. As a professional photographer I made the latter choice a long time ago and haven't looked back since. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php