Enhanced Security Documentation


We have a number of external-facing PDF forms that use Web Services to populate certain aspects of their data.  I understand that 9.3 has Enhanced Security turned on by default.  What’s the fastest way we can get communication working with our servers?

Joel Geraci covers this topic in an existing blog article here but the two documents you will need to get started are:

Enhanced Security Troubleshooting Guide and FAQ
Link directly to Workflow fixes with enhanced security enabled page

These should provide you with the direction you’re looking for.

However, if you are in a situation that needs a quick fix and completely open access then you could deploy a totally-open master policy on the root directory of your server as a starting point and then work through your forms, Reader Extensions certificate, and sub-directories to ensure you implement a secure solution.

<?xml version=”1.0″ ?>


<site-control permitted-cross-domain-policies=”master-only” />

<allow-access-from domain=”*” />

<allow-http-request-headers-from domain=”*” headers=”*” />


If you would like to just use a master policy then I would suggest associating the policy to your Reader Extensions certificate.  This would allow only PDF forms extended with your certificate to access services on your server.


Comments are closed.