To prevent unauthorized access to any file that is distributed for desktop reading, it needs to be encrypted so that it is not accessible until the conditions of its author are met, whether that may be by way of a proprietary reader designed to open decrypt that document, a required password, an authorizing token file, user validation by computer identification or IP address.

Without encryption PDF could not be protected until access is authorized, which is why copy protecting PDF left in its natural state (as a .PDF file)  and accessible by generic PDF readers is not a secure concept. To open an encrypted PDF a proprietary reader should be required that will know the unlock key (passphrase) and method of encryption used. And that is how real PDF protection software works. If the encryption method is known to everyone and open source, then not much would remain secure because it would invite opportunity for a PDF protection provider's competitors to distribute software to defame them. 

Which is why software based on open-source and JavaScript (which is open-text) is not recommended for anything that needs to remain secure. Obscurity is the first and main requirement for any secure application, and that is why a proprietary PDF reader should always be used.

We often get enquiries for PDF protection software that will not require the user to download a new application, and instead open it in their default PDF reader (usually Adobe Reader). Unfortunately that is not possible and until the enquirer is properly educated it can be difficult for them to comprehend. Another misnomer is that by reading a PDF online that the user doesn't actually download the PDF file to their computer.  In fact is it surprising to note how many web developers, who should know better, believe that. Of course to read a PDF on the desktop, the user needs to download and save the PDF document to their hard drive and then open it from there to read on their desktop. But not much is different when reading online, and what is difficult for many to grasps, is that no-one reads anything online! All web content, web pages, images and other media is downloaded to the user's computer and read locally using a web browser. The only difference is that instead of saving to a folder of the user's choice, for online reading the content is saved to the web browser's caching folder. That is how "cache" works... ever notice how revisiting a page always loads it much quicker? That is because there is no need to download its content all over again. The web browser checks its cache and when it finds the content, displays it from there!

Consequently the web browser cache is now targeted by media down loaders and recorders that may not look at the web page resource links at all, but go straight to the browser cache folder and extract what it is looking for from there. That is why when using  site protection software to copy protect web pages and media like video, that one should always use security software developed by the leading developers of copy protection. For example the ArtistScope Site Protection System (ASPS) which is the most secure web protection solution ever imagined, requires the use of the ArtisBrowser which has all avenues of exploit secured, and where nothing can be extracted from browser cache or memory.