如何防止网络字体被非法下载和使用?
我有一个项目,我在 CSS 中使用 @font-face 使用嵌入字体。一切工作正常,但网站所有者希望对字体进行加密,以便除了在网站上查看之外没有人可以使用它。
怎样才能这样设置呢?我在服务器上有字体,它是使用 CSS 中的 @font-face 嵌入的,但不知何故我必须限制对它的访问。
使用字体托管公司不是一个选择,它必须是可以在服务器上本地运行的东西。
I have a project where I am using an embedded font using @font-face in CSS. Everything is working fine but the site owner wants to encrypt the font so that no one can use it other than when viewed on the site.
How can that be setup? I have the font on the server, it's embedded using @font-face in CSS, but somehow I have to restrict the access to it.
Using a font hosting company is not an option, it has to be something that can be run locally on the server.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
如果无法选择使用字体托管公司,那么您必须自己完成字体托管公司所做的所有工作。这意味着将字体从服务器安全地传送到浏览器,确保字体文件仅包含足够的信息以允许浏览器呈现该类型,防止最终用户下载字体本身并在本地使用它,并混淆字体字体本身。
首先,确保您拥有在网络上使用该字体的许可证。如果你还没有得到这个,那你就完蛋了。
之后,您需要确保您的字体已进行子集化,以便它们仅包含您的网站需要显示的字符。然后,您需要确保您的字体被混淆,使得该字体在桌面上无法使用。 Font Squirrel 的 @font-face 生成器 可以执行此步骤和上一步。确保使用“专家”模式创建字体套件,使用其 WebOnly™ 保护并对字体进行子集化以包含字符。
Font Squirrel 还将字体转换为 EOT、OTF 和 WOFF 文件,这将有助于您的字体在绝大多数现代浏览器中使用。
最后,您应该 确保您的网络服务器配置为防止热链接到字体文件本身,从而防止从您网站以外的任何地方请求它们。
一旦你采取了这些步骤,你就已经走得尽可能远了。您需要确保您的字体文件是可缓存的,但您需要在缓存性能和可能在浏览器缓存中长期存储文件之间取得平衡。这是留给读者的练习。
请务必记住,即使您采取了所有这些步骤,人们仍然可以下载更改后的字体文件并相对轻松地在桌面上使用它们。您无法阻止人们下载更改后的字体文件。字体并在 100% 的情况下非法使用它们,但通过采取这些步骤,您在确保已尽一切努力的道路上走得更远。
If using a font hosting company is not an option, then you have to do all the work that the font hosting companies do yourself. This means securely delivering the font from your servers to the browser, making sure that the font file only contains enough information to allow the browser to render the type, preventing the end-user from downloading the font itself and using it locally, and obfuscating the font itself.
First up, make sure you have a license to use the font on the web. If you haven't got that, you're screwed.
After that, you'll want to ensure that your fonts are subsetted, so that they only include the characters your website needs to display. Then, you'll need to make sure that your fonts are obfuscated in such a way that the font is unusable on the desktop. Font Squirrel's @font-face generator can do both this and the previous step. Make sure you use the "Expert" mode to create your font kit, use their WebOnly™ protection and subset your font to include the characters.
Font Squirrel will also convert the fonts into EOT, OTF and WOFF files that will help your fonts to be used in the vast majority of modern browsers.
Finally, you should ensure that your web server is configured to prevent hot linking to the font files themselves, preventing them from being requested from anywhere except your site.
Once you've taken those steps, you're about as far along as you can be. You'll want to make sure your font files are cacheable, but you'll need to strike a balance between cache performance and potentially storing files on the browser's cache for a long time. That's an exercise left to the reader.
It's important to remember that even after you take all these steps, it is possible for people to download the altered font files and use them on the desktop with relative ease. You can't prevent people from downloading the fonts and using them illegally in 100% of cases, but by taking these steps, you're further along the road to making sure you've done everything you can.