Web fonts security

[gryzzly]

Hi, front-end folks.

I would like to ask about web font securing best practices.
Here, for example, is an excerpt from license for http://www.fontsquirrel.com/fonts/Monoxil:
“Embedding of font software into digital documents or web pages is
permitted only in secured read-only mode. User has to secure that it
will be impossible to gain font software by any means or to copy it
from these documents.”

As far as I understand, typekit.com, makes fonts available only for
the current user's session, but the fonts are still being downloaded
to the client and once session is initialized you can download the
font’s file.

Also, I believe typekit may use some kind of technique similar to what
can be found on typotheque's FAQ:
http://www.typotheque.com/help?id=127 (they may cut down the font to
make it less usable for any other purpose than that particular web
page where they should be served to)

What are the best practices based on the web server’s configuration?
What can be done without modifying the font file itself?

How can we make the font's serving as secure as possible? What can be
done to make it accessible only for some domain? For it not to be
accessible with direct link?

[gryzzly]

Here is an excellent post on the subject by Paul Irish:
http://typophile.com/node/70404

On Apr 7, 7:51 pm, gryzzly <mrejz...@gmail.com> wrote:
> Hi, front-end folks.
>
> I would like to ask about web font securing best practices.

> Here, for example, is an excerpt from license forhttp://www.fontsquirrel.com/fonts/Monoxil:

> “Embedding of font software into digital documents or web pages is
> permitted only in secured read-only mode. User has to secure that it
> will be impossible to gain font software by any means or to copy it
> from these documents.”
>
> As far as I understand, typekit.com, makes fonts available only for
> the current user's session, but the fonts are still being downloaded
> to the client and once session is initialized you can download the
> font’s file.
>
> Also, I believe typekit may use some kind of technique similar to what
> can be found on typotheque's FAQ:http://www.typotheque.com/help?id=127 (they may cut down the font to
> make it less usable for any other purpose than that particular web
> page where they should be served to)
>
> What are the best practices based on the web server’s configuration?
> What can be done without modifying the font file itself?
>
> How can we make the font's serving as secure as possible? What can be
> done to make it accessible only for some domain? For it not to be
> accessible with direct link?

--
--
You received this because you are subscribed to the "Design the Web with CSS" at Google groups.
To post: css-d...@googlegroups.com
To unsubscribe: css-design-...@googlegroups.com