Can metadata (like title, creator, ...) in package.opf be encrypted for DRMed epub or it's always available in clear? Or it depends on the drm technology used?
The EPUB Open Container Format specification ( http://www.idpf.org/epub/30/spec/epub30-ocf.html#sec-container-metainf-encryption.xml ) says:
The following files must never be encrypted, regardless of whether default or specific encryption is requested: [...] the EPUB rootfile (the Package Document)
(the Package Document is the OPF file). Hence the answer to your question is "never encrypted" if you just stick to the IDPF specification.
Related
When creating a pdf document (the primary purpose of the app), it will currently list "Chromium" as the content creator in MacOS's finder. This string's also evident in the pdf binary itself.
Is there a way to change this to a custom value from within the Electron API? The documentation for printtopdf() says nothing about this.
The documentation doesn't seem to mention anything useful indeed. This may not have anything to do with Electron itself.
I've printed-to-pdf this very page:
Then as you can see "Chrome" is the content creator of this document. (In Electron this would be "Chromium" as you noticed.)
Your best bet might be to change the PDF metadata after the file has been saved on the file system. See this post.
I am generating a multi-chapter eBook for Kindle Fire by first generating a well-formed xhtml-based EPUB 3.0 format file and then converting the .epub file to .mobi w/ Kindle Previewer and/or kindlegen. The generated .mobi file transfers properly to the Kindle and looks entirely correct. The problem is that my generated file never produces the "Learning Reading Speed" status at the bottom or the actual estimate of reading time. The reading speed feature never seems to get activated for any .mobi file generated with kindlegen. I'm aware that status area cycles through various features/statuses by pressing the status area on the reader screen and am certain that the feature is never activated.
I have generated an alternate version of the .mobi file using Calibre and the reading speed feature is enabled, however the format of the output file is heavily altered and is not consistent with the kindlegen format.
What is the key to generating a Kindle .mobi file with kindlegen that supports the reading speed feature?
I finally discovered the answer, which is that the generated .mobi file needs two tags manually added, 113 ASIN and 501 CDEContentType = EBOK, in the correct primary header of the .mobi file.
The tag information is published elsewhere, but often overlooks that a kindlegen generated .mobi file can have two versions of the same book embedded within the .mobi file, each with a primary header. If the tags are added to the first primary header (typically a v6 header) but not the second primary header (typically a v8 header), the Kindle device will not recognize the tags.
In my case, the tags needed to be added to the second primary header which allowed the Kindle device to treat the file as a book rather than a document. Most .mobi tag editors reference the first primary header only, which can cause confusion. Alternately, the .mobi could be split into two files in which case the tags could be manually added to the primary header of the relevant post-split file.
Is it possible to convert a doc file to a pdf file programmatically, with out using WORD application/third party tools. Preferably in Delphi XE4. If so, how?
Yes, you can convert .doc/.docx files to .pdf without Word and without third-party controls. The specifications are publically available - [simply] read and parse the .doc/.docx file according to the specification and generate the content according to the .pdf specification.
Here is the specification for MS-DOC (.doc) file format :
MS-DOC Specification (622 pages) -- Word97 through 2007
MS-DOCX Extensions Specification (105 pages) -- Word2010 through 2013
See also - Open Document and OpenXML Format
And the specification for the .pdf format :
PDF Reference (1310 pages)
Really, I think you'll find you probably want to use a third party component...
Is there any programmatic way to safely check whether if an epub file is DRM-protected (encrypted)?
I have found that there might be a rights.xml and an encryption.xml in the META-INF directory.
Does the existance of any or both of these files mean that the content is encrypted and if not, is there any other way to check?
(To be clear, I do not want to read ePubs with DRM at all, I just want to check whether they are encrypted or not.)
FWIW the Wikipedia epub article states
When present, DRMed EPUB files must contain a file called rights.xml within the META-INF directory at the root level of the ZIP container.
epubcheck as of v1.0 is reported to detect DRM-protection via the existence of encryption.xml and report an error. The epub3 spec says
An optional encryption.xml file within the META-INF directory at the
root level of the container file system holds all encryption
information on the contents of the container. This file is an XML
document whose root element is encryption. The encryption element
contains child elements of type EncryptedKey and EncryptedData as
defined by [XML ENC Core]. Each EncryptedData element describes how
one or more files within the container are encrypted. Consequently, if
any resource within the container is encrypted, encryption.xml must be
present to indicate that the resource is encrypted and provide
information on how it is encrypted.
The EPUB3 is vague on rights.xml, its meaning and whether it is mandatory for DRM'd files, so it might be best not to depend on it.
I have a system where users can upload, well, anything really - and these files are available to other users.
I need to come up with a list of file types that are genuinely needed by professionals in different industries that are safe from hacking/viruses, etc.
.doc .docx .gif .jpg .jpeg .mpg .mpeg .mp3 .odt .odp .ods .pdf .ppt .pptx .tif .tiff .txt .xls .xlsx .wav
What other file types do you know of that are both useful and safe?
Clarification
Many of the comments and responses are asking for a clearer definition of 'safe from hacking/viruses' - I ask the question with precisely that level of detail because I don't have as sophisticated an understanding of file types and their risks as many of you do, and I would like guidance on 1) any file types that may keep my site more secure, and 2) if there are no 'safe' file types then any advice on how to move forward with a system that allows for flexible uploading and sharing of files.
If indeed any malicious file can be packaged as a seemingly-safe file, how can I protect my users?
No filetype is safe if the program you use to open it with is badly (or carelessly or evil-y) written.
You can't assume that all files with a given extension is safe from 'viruses'.
I can easily rename a malicious executable to .doc and 'hack' your system.
EDIT:
There is no (simple?) way to check whether a user-uploaded file is malicious or not.
The app that you're creating is no different than any other file sharing websites out there (Rapidshare, Megaupload, etc).
There is nothing stopping anyone to upload malicious files to those websites.
Safe files does not exists. The ordinary text file is safe? For example with content:
format c:
if some program can execute a content of the file... you get the idea.
So, here are not safe files - only restrictions to RUN code (programs). (And I understand if this answer does not like.) :)
For "useful" you'll need to ask your customers.
For safe, there's no such thing because a file extension is just a part of the file name that gives a suggestion of what type of file it is. It need not accurately represent the type, and is easily manipulated.
Rather than protecting based on file type. I would get a 3rd party to virus scan each file on upload. Reject those which are identified as positive.
The list is pretty endless! A quick search finds http://filext.com/alphalist.php?extstart=^A
Well you can include all data files and exlude all executable/script files.
One list of executable file extensions is here: http://pcsupport.about.com/od/tipstricks/a/execfileext.htm
you may look other sources to inprove coverage.
Edit: for second part of the question addressing sequrity-
It would be best to have bunch of anti malware software installed on the server to check each sumbission - they are designed for this specialized task, use them. Anyways no executable file is professionaly useful as long as people are not looking for crackware.