How Gandalf Secures Your PDFs


Gandalf lets you share a PDF presentation, white-paper or proposal with a select audience. You can determine this audience by what NFTs or ERC20 tokens they own, an allowlist of ENS names or address or some other on-chain criteria (e.g if they have a Farcaster ID).

Security is extremely important for us and in this article, we’ll go over exactly how Gandalf’s magic prevents unwanted viewers from accessing your exclusive content.

How it works

The way Gandalf handles your PDFs is similar in some ways to what the popular document-sharing platform DocSend does.

  1. First we convert every page in the PDF document into a series of images.
  2. Each image’s filename (and URL) are uniquely generated and non-sequential. A malicious attacker cannot guess the URL to any image.
  3. We also dynamically apply a watermark of the viewer’s ENS (or addresses) on every page, so its very easy to trace back any unauthorised distribution by a member of your audience. Using Cloudinary’s secure image transformations, we’re able to apply this watermark “on the fly”, while also ensuring that no malicious attacker can remove (or alter) the watermark simply by changing the URL.

Whenever a potential viewer navigates to the PDF via the Gandalf URL, we authenticate via their wallet to determine if the pass the restriction criteria you set. If the viewer has the correct credentials, the server responds with the secured pages of the PDF, as in the image above.

If they don’t have the correct credentials, then they shall not pass!

And that’s how the ✨magic✨ is made!

We’re considering dramatically increasing the size of the watermark – maybe a transparent pattern that spans the entirety of each page. What do you think?

At Gandalf, our mission is to evolve into the most comprehensive platform for tokengating, and this is just the beginning of our magical journey. We’re eager to hear from everyone—whether it’s feedback, new feature suggestions, or reports on bugs you’ve found!

Related Posts