I'm curious if there is a preferred method for securing webfonts (@font-face) on a server. I've read a few bits about obfuscating the font file to prevent desktop use, and using .htaccess to block outside hot linking of the various files. Is there a more streamline approach to this method that anyone knows? Essentially I do not want users to have access for downloading the font files, etc.
Hi Chris, well none at this point, But if I were to purchase a web font from Myfonts.com rather than using a font hosting service like Typekit or Font Deck etc.
The mentioned services do a fairly great job and protecting their fonts, using various methods, But what if someone hosts their own web fonts?
That's what I was summing, but what prevents someone from simply downloading the associated files within the web inspector? Most font hosting sites seem to have configured a secure method preventing access to files, or if access is permitted the font is unable to be used on the desktop because certain details are stripped out.
How would one serving their own fonts mimic these security measures? It seems quite difficult
@Rugg They've been working on them for quite some time which were released to a select few for beta testing. Mostly those who are "high profile" on the web. I hear they will be released pretty soon, though.
I'm not knowledgeable on base64 but basically I think it just encrypts the URL.
Hello,
I'm curious if there is a preferred method for securing webfonts (@font-face) on a server. I've read a few bits about obfuscating the font file to prevent desktop use, and using .htaccess to block outside hot linking of the various files. Is there a more streamline approach to this method that anyone knows? Essentially I do not want users to have access for downloading the font files, etc.
thanks
@Rugg Why, what webfonts are you using that you need to hide them?
Hi Chris, well none at this point, But if I were to purchase a web font from Myfonts.com rather than using a font hosting service like Typekit or Font Deck etc.
The mentioned services do a fairly great job and protecting their fonts, using various methods, But what if someone hosts their own web fonts?
@Rugg They will provide you with a zip file that includes the webfonts and CSS.
@chrisburton
That's what I was summing, but what prevents someone from simply downloading the associated files within the web inspector? Most font hosting sites seem to have configured a secure method preventing access to files, or if access is permitted the font is unable to be used on the desktop because certain details are stripped out.
How would one serving their own fonts mimic these security measures? It seems quite difficult
@Rugg The CSS they provide will already be encoded so that won't be an issue.
Ahhh. Great that makes sense. I was assuming It would be something similar to the google webfonts css
@Rugg It will basically look like this: https://css-tricks.com/fonts/9198/2F3A5B233AEF9D310.css
Oh nice. Does Hoefler have web fonts now?
Also what exactly is base64 encoding in regards to fonts and such?
@Rugg They've been working on them for quite some time which were released to a select few for beta testing. Mostly those who are "high profile" on the web. I hear they will be released pretty soon, though.
I'm not knowledgeable on base64 but basically I think it just encrypts the URL.
Ok thanks for all your incite. Looks like I have some catching up to do. Cheers
Just came across this nice article (2009)…providing an overview of the discussion here.
http://blog.typekit.com/2009/07/21/serving-and-protecting-fonts-on-the-web/