The Acrobat and Reader Trust Model:
Acrobat and Reader 9, with Enhanced Security turned on, allows only same-origin data downloads and multimedia operations [see "Enhanced Security in Adobe Acrobat 9 and Adobe Reader 9"]. In practical terms, this means that if you open a PDF file in a browser and it contains a streaming video, as long as the video was added with the Acrobat 9 video tool and it is streaming in from the same server that hosts the PDF file, the video will simply play without the user being prompted with a security warning. This is exactly what you’d want.
However, if the user saves that same PDF file to their desktop, their copy of the PDF file is no longer in the same domain as the video, it’s on the desktop but the video is still referencing the server. When the user opens the file from their desktop, they’ll be prompted to "Allow" a connection to the server that is streaming video.
If you are using hosted services or are streaming video from a server other than the one that hosts the PDF file, you can create a cross-domain policy file to allow other servers to be trusted. Below are two different links to the same file. The first will open the PDF file in a new browser window, the second will download the PDF file so you can open it from your desktop. The PDF file contains a Yahoo Map that references 4 different domains on the Yahoo servers. My cross-domain policy file is set up to allow cross-domain access to all four of those servers. So when the file is viewed from the browser, the first link, you get a very clean experience with no security warnings.
If you open the file from your desktop after downloading it, the second link, your experience is quite a bit different. First, you’ll be prompted to allow the PDF file to access my server which actually hosts the SWF that plays inside the PDF file.
Then the SWF will try to access some assets that I also have referenced on the server. You should click "Remember my action for this site" or you’ll be prompted many times as the SWF accesses the same resource each time it places a pin on the map.
After all of that, you’ll need to allow the SWF to access each of the four Yahoo domains that the Yahoo map API requires to generate the map.
With behavior this different, it’s hard to believe that this is the exact same file. The difference in the behavior is simply due to the same-origin and cross-domain policy rules. When a PDF file is opened from the desktop, the PDF file itself is considered it’s own domain. So, as long as all of the resources needed to play the multimedia in that PDF file are embedded, you won’t see any security warnings. Unfortunately, this will never be the case with streaming video or any PDF file that uses web services. So – we had to come up with another solution.
Establishing Trust: Opting In
You can override these restrictions for content that is specifically trusted, in other words, content that you know where it’s coming from and you were expecting to get it. As the PDF author you can take certain steps to help establish trust, which I’ll discuss below, but – ultimately – your end users will need to opt in to trusting your content. The remainder of this article discusses how to help them do that.
Certify your Documents:
The added benefit of certifying documents is that the user will only need to install and configure your certificate once, then all documents that are certified by you will work properly and without restriction.
To see how this works, download and configure my certificate by clicking on the link below.
When you open the FDF file, you will be prompted to import my contact information. Note: The contact information will be imported into Acrobat or Reader, not your contact management system. Click the "Set Contact Trust" button to configure my certificate further.
In the "Trust" tab, check all of the boxs and then click "OK".
After you see the import message, you can close out of all of the dialogs.
After installing and permissioning my certificate, try opening the certified version of the Yahoo Map example, you should be able to use it without security warnings.
You can get a certificate from one of Adobe’s Certified Document Services (CDS) partners or use one of your own. One additional point to note is that the Adobe CDS service can be used to automatically certify to the recipient that the author’s identity has been verified by a trusted organization and that the document has not been altered in any way. It does not automatically grant the additional permissions required to play unembedded Dynamic content or other high privilege operations. Your users will need to set these permissions manually as detailed above.
Because there is a fee associated with getting a certificate issued from our CDS partners, certifying a document my not be the best solution for all users. To get the same behavior as a certified document without using a certificate, Privileged Locations are an excellent option.
Enhanced Security provides a method for specifying locations on your hard drive to store trusted content. Privileged locations can be a single file, a directory, or a host. You’ll need to ask your users to create a folder on their desktop, assign that as a trusted folder in the Acrobat preferences and then to place any files that they receive from you into that folder. By saving your files to that special folder, they are opting in and those files will function without the Enhanced Security restrictions.
To specify a privileged location through the user interface see "Specify privileged locations for trusted content" in the Acrobat 9 help
Because Certified documents are secured and thus not fully editable in Acrobat, the Privileged Locations solution is best if you are creating PDF files with Dynamic content and your users will be modifying the file in significant ways. That is, something other than filling in form fields or commenting, which are the only two types of changes permitted by "certified" documents.