Recently in Security Category


With the release of the 10.1 update, Acrobat X for Windows provides a sandbox called Protected View. Protected View is another defense-in-depth feature that is tightly integrated with the existing Enhanced Security feature. Protected View in Acrobat leverages the successful sandbox implementation already in place for Adobe Reader while providing a user experience that should be familiar to Microsoft Office 2010 users.

If you are already familiar with what Protected View is, jump to What Developers Need to Know

Acrobat’s Protected View sandbox is similar to Reader’s Protected Mode sandbox and provides equal protection. Just like Reader, Acrobat strictly confines the execution environment of untrusted PDF files and the processes they invoke. Based on user preferences when Protected View is enabled, Acrobat assumes either all PDF files or just PDF files loading from untrusted locations are potentially malicious and confines processing to a restricted sandbox.

Enhanced Security in Acrobat 9 and Reader 9

| No Comments

Sanjoy Ghosh describes the new Enhanced Security model in Acrobat 9

With the addition of interactive form features, multimedia, and scripting, PDFs can now download and send data over the Internet, which can create a potential security risk for both user privacy and document integrity. To address those security issues, Adobe® Acrobat® 9 and Adobe Reader® 9 feature an Enhanced Security mode designed to minimize those risks by providing control over cross-domain data access and how FDF files are handled. Because the Enhanced Security restrictions may affect some legacy PDF workflows, Acrobat 9 also provides ways to increase privileges for documents and servers that can be fully trusted.

The enhanced security in Acrobat 9 leverages an existing model already in use by Adobe Flash. By providing controls for who may receive data from whom, Adobe Flash can power rich Internet applications that are safe and extremely flexible. Many Flash developers, such as YouTube, use this model.

Sanjoy Ghosh

What this means to you

If you are adding multimedia to PDF files there are now ways for you to add these elements and have seemless playback. Flash files (SWF) and video (FLV and H.264) that are embedded in the PDF file or PDF Portfolio will play without a security dialog because the file and/or the Portfolio are considered a "domain". This opens the door to a lot of great new capabilities while allowing for even tighter security than we’ve been able to deliver in the past.

Over the next few weeks we’ll be finalizing the white papers for Acrobat 9 and I’ll be able to share more details on exactly what the Enhanced Security can do for you.

Adding Seed Values to Signature Fields

| No Comments

When you digitally sign a PDF, usually you can sign using any supported certificate, from any
certificate authority and state any reason for signing that you like. This is fine in most cases but for
tighter security or to control the document approval workflow, the author of a document might
want to limit the choices a user can make when signing a document. This can be done by applying
“seed values” to a signature field. Seed values are properties that are used when applying your
signature to a signature field. The properties are stored in the signature field and are not altered
when the field is signed, the signature is cleared, or when the form is reset.

Full Article

Acrobat 8 Security Techniques

| No Comments

Adobe Acrobat 8 Standard and Professional have a rich set of functions that allow users to collaborate with colleagues, more securely distribute documents and collect data from electronic forms. The Adobe Acrobat 8 family and the Adobe Reader are also the client applications for an array of document services hosted on servers either within your organization or at Adobe. With more and more people in the enterprise creating and circulating PDF via email and posting PDF files to web sites, IT managers often find that they need to find a better way to manage the security of those PDF files to ensure that the right information is easily and readily available to the people who need it, but can’t be accessed by competitors or other unauthorized users.

This on demand seminar will show you how.

Watch Now