Security Profiles

Applies to HTML Viewer, IE Browser publications.

Security profiles determine whether a page may be accessed (given some conditions like password, trial publication, certificates, script function result...) and what end users can do when viewing this page (usual actions like copying text, printing page, copying images, etc...).

Description of security profiles

A security profile contains one or more "conditions": when a condition is fulfilled (if .... is True), the associated actions are executed (then do .....).

Security profiles are associated with HTML pages. When a page is being requested, the publication first loads its security profile, then analyzes the different conditions and when one or more of the latter are fulfilled, their related actions are executed.

Goal of security profiles

Security profiles may be used for a lot of reasons. Here are some examples:

  • You can create a security profile that password protects pages. When such a page is requested, the end user is prompted for the password. If he/she fails to give the right password, the page is not displayed. See the steps for this example.
     
  • You could forbid the print function for a group of pages.
     
  • If you create Trial/restricted publications, you may lock some chapter pages of the shareware version of your ebook. When an end user registers, you send him/her a key that unlocks the remaining chapters.
A detailed example about how to work with security profiles (with an animated tutorial, sample projects and a full ebook) is available at http://samples.htmlexe.com. Be sure to grab a copy!

Managing security profiles

Before you assign security profiles to HTML pages, you must first create them. These profiles are managed using the tree editor as shown below:

  • To add a security profile, just click Add and select Add New Security Profile.
    Each security profile is created with a condition named "Always".
     
  • To add a new condition, select the Profile you wish, press Add and select Add New Condition. You will be prompted to determine the condition (see below).
     
  • Finally you can configure the actions of a given condition by clicking on Configure.
     
  • To remove an action, a condition or a security profile, select it and press Remove. Note that the Always conditions and the Default profile can't be removed.

Kind of conditions

Each security profile has an "Always" condition. This means that the actions associated with that condition are always executed.

When you add a new condition, the following window appears:

Select the kind of condition you want to create, fill in the fields (when required) and press OK to continue.

Warning: the Trial and Registered modes + "following certificate(s) active" options are only supported if you create a restricted publication.

The "following certificate(s) is/are active" condition allows you to make different registered editions of your publication. For example, you could lock some HTML pages if the current certificate is the "Default" one (in this case, you know that the publication is not registered). Moreover you can go further by making one certificate per edition, each certificate unlocking a given number of pages.

When this option is active, use the list to indicate which certificate(s) should be checked. Use the checkboxes to select/unselect certificates.

About certificates

The best way to create a new condition is to use a HEScript Boolean function. A Boolean function returns True or False, so this is enough to create a new condition. If the HEScript Boolean function returns true, then the associated actions will be executed.

Creating a HEScript script

If you prefer to work with publication global variables, you can use the third option. In this case, you must enter the global variable's name and the value the latter should have to consider that the condition is filled. This is not case-sensitive.

Working with global variables

IMPORTANT: please keep in mind that a condition cannot be edited once it has been created. If you want to modify an existing condition, you will need first to delete it and create it again.

Kind of actions, restrictions and page locking

Each condition may have one or more restrictions or actions that are applied/executed when this condition is fulfilled.

You can configure the actions by selecting a condition and clicking on Configure, or just double-click on a condition.

The following window will appear:

You have two tabs with different options:

Page Restrictions

They allow you to define what end users can do when viewing the current HTML page. By default, publications allow end users to select and copy text, print pages, display the context menu (not the one of Internet Explorer: IE browser publications uses their own context menu, the "Show source code" option is never available), etc...

If you want to put restrictions, just enable the option(s) you want:

  • Prevent end users from selecting text: end users are unable to select any part of your HTML text. The text is displayed like for the print preview mode; of course it does not prevent them from navigating through your publication. This feature is generally used when you want to disable the "copy to clipboard" feature.
     
  • Cannot copy text and URLs to clipboard: if this option is enabled, end users are not allowed to select text parts of your HTML documents or URLs, and copy them to the clipboard.
     
  • Disable mouse context menu: the mouse context menu (mouse right click) lets end users access to various commands like copy, print, top page... To remove it, just activate this feature. You can also partially disable some commands using the context menu component.
     
  • Cannot print pages: enabling this feature will disable the printing ability of publications. By default, end users are able to print the HTML documents of your publication (including a print preview feature). Please note that it also removes the Print button from the toolbar.
     
  • Cannot copy images to clipboard: it works like the Cannot Copy Text feature, but with pictures this time and only for HTML Viewer publications.

Locking Pages

An important feature: you can forbid end users to access to the current HTML page. When a page is locked, it cannot be displayed and an error page is displayed. You can moreover specify what page you want to display instead.

When a HTML page is being requested, the publication loads its associated security profile and executes all actions of fulfilled conditions. If one of the action is a "page is locked" type, then the HTML page is not displayed at all.

Notes:

  1. If you put a "page is locked" action in the "Always" condition of a security profile, any page which is associated to that profile will be always locked.
     
  2. Use "page is locked" actions to restrict the user access to your pages. You can play with the different conditions of a security profile to determine which user should have access to a page or not.
     
  3. Please see the different examples about how to use this feature.

Associating security profiles to HTML pages

When your security profiles are ready, go to the File Manager, select the HTML page(s) you want and click on Properties. The File Properties editor will appear, select the Security tab and the security profile you want to assign to the selected HTML page(s).