Confused by all those little icons? The Digital Signature Validation Cheat Sheet is a handy single-page document that will help you understand what those icons mean and how you can use them to determine the signer’s identity and the document’s integrity; both are important.
Recently in Security Category
Security for Flash Player compatible content in Acrobat 9
The latest releases of Adobe® Acrobat® and Adobe Reader® 9 introduce new native support for the playback of Flash® Player compatible content. This new feature uses an embedded Flash Player runtime and hence is independent of other instances of Adobe Flash Player installed on the system. This white paper provides an overview of the security model for Flash Player compatible content playing inside Acrobat and Adobe Reader® software.
Get the complete white paper
Acrobat and Reader 9 Security Administration Guide
This document contains information for advanced users (such as system administrators) who are responsible for deploying and supporting the Adobe Acrobat family of products (including Adobe Reader) where these applications are used for digital signatures and document security. This document pertains only to these applications’ security features. It is not an administration guide for other features.
Get the complete guide
Security is often at odds with usability. Adobe Flash began addressing this problem several releases ago by implementing and standardizing on a cross-domain security model that has evolved over the years into a robust, secure solution. By providing controls for who may receive data from whom, Adobe Flash can power rich Internet applications that are safe and extremely flexible.
An excellent explanation of the cross-domain security model can be found here.
Enhanced Security and the Desktop
Acrobat and Reader 9 provide a method for a user or a system administrator to increase the privileges of chosen files, folders, and hosts by specifying them as privileged locations. Files in these privileged locations are exempted from certain security policies and therefore, for example, can be exempt from cross-domain security. The locations can be set by the user through the UI (Preferences dialog), or by a system administrator using Adobe Customization Wizard to specify installer settings prior to enterprise-wide deployment.
The three choices for privileged locations are:
Files — A file is defined by a path, so its security settings will be invalid if that file is moved. The difference between privileged PDF files and folders is the number of files. If a user has a large number of files they know they can trust, it may be more practical to put them all in one privileged PDF folder. Conversely, a user may use privileged PDF files if they have many PDFs in a single folder but only want to trust two of them.
Folders — Privileged PDF folders are similar to privileged PDF files except that all files in a specified folder (but not in sub-folders) have the same privileges.
Host — A privileged PDF site is appropriate for PDFs that can be opened in a browser from a Web server. A privileged PDF host can only be specified at the host name level; for example, www.adobe.com can be specified, but not www.adobe.com/products/. The specified host must be complete with no wild cards (unlike for crossdomain.xml files). The user will have the option to specify that the host connection must be secure, for example, that it must be an https: connection. All PDFs on the specified host will have the same privileged PDF settings.
Using privileged locations, the user can bypass the security restrictions on the following, which would otherwise be in effect:
• Cross-domain data access
• External streams access
• FDF data injection
• FDF script injection
• Data taint: when data is downloaded from multiple hosts and then sent to another host
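The matching rules for the three kinds of privileged location described above can be checked mechanically when reviewing a deployment. The following Python is an added example, not Adobe's code or Acrobat's storage format; the `POLICY` layout, the function names, and the assumption of case-insensitive Windows paths are all hypothetical.

```python
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

# Constructed sample policy. The dictionary layout is hypothetical; it is not
# the format Acrobat or the Customization Wizard uses to store these settings.
POLICY = {
    "files": [r"C:\Forms\trusted\expense.pdf"],
    "folders": [r"C:\Forms\approved"],
    "hosts": [{"name": "www.adobe.com", "secure_only": True}],
}

def valid_host_rule(name):
    """A host entry must be a complete host name: no path, no wild cards."""
    return bool(name) and "/" not in name and "*" not in name

def privileged_by(location, policy=POLICY):
    """Return 'file', 'folder' or 'host' if a rule covers location, else None."""
    parts = urlsplit(location)
    if parts.scheme in ("http", "https"):
        host = parts.hostname or ""
        for rule in policy["hosts"]:
            if not valid_host_rule(rule["name"]):
                continue  # malformed entries never match
            if host != rule["name"].lower():
                continue  # exact host only: no sub-domain or suffix matching
            if rule["secure_only"] and parts.scheme != "https":
                continue  # rule requires a secure connection
            return "host"
        return None
    # Local document. Assumption: Windows paths, compared case-insensitively.
    doc = PureWindowsPath(location)
    if any(doc == PureWindowsPath(f) for f in policy["files"]):
        return "file"  # tied to the exact path; a moved copy no longer matches
    if any(doc.parent == PureWindowsPath(d) for d in policy["folders"]):
        return "folder"  # direct children only, sub-folders are excluded
    return None

if __name__ == "__main__":
    for loc in (r"C:\Forms\trusted\expense.pdf", r"C:\Temp\expense.pdf",
                r"C:\Forms\approved\a.pdf", r"C:\Forms\approved\old\a.pdf",
                "https://www.adobe.com/products/x.pdf",
                "http://www.adobe.com/products/x.pdf"):
        print(f"{privileged_by(loc) or 'not privileged':15} {loc}")
```

Any location for which this returns a rule kind is exempt from the restrictions listed above, so each entry in a deployed policy is worth reviewing against the documents it actually covers.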
Note: This information was extracted from a draft version of the “Enhanced Security in Adobe Acrobat 9 and Adobe Reader 9” White Paper which will be published shortly and includes many more important details than this posting. I’ll supply a link to it when that document becomes final.
Sanjoy Ghosh describes the new Enhanced Security model in Acrobat 9
With the addition of interactive form features, multimedia, and scripting, PDFs can now download and send data over the Internet, which can create a potential security risk for both user privacy and document integrity. To address those security issues, Adobe® Acrobat® 9 and Adobe Reader® 9 feature an Enhanced Security mode designed to minimize those risks by providing control over cross-domain data access and how FDF files are handled. Because the Enhanced Security restrictions may affect some legacy PDF workflows, Acrobat 9 also provides ways to increase privileges for documents and servers that can be fully trusted.
The enhanced security in Acrobat 9 leverages an existing model already in use by Adobe Flash. By providing controls for who may receive data from whom, Adobe Flash can power rich Internet applications that are safe and extremely flexible. Many Flash developers, such as YouTube, use this model. If your company uses Flash for web applications, there are probably people in your organization who understand how this security model works and it should require only incremental effort to migrate your PDF-based applications to this method.
What this means to you
The Enhanced Security features are turned off by default in Acrobat 9 and Reader 9. The new Customization Wizard 9 will allow you to deploy Acrobat or Reader with Enhanced Security turned on. To find out how, click on the "Deploying Acrobat and Reader" link in the "Online Events" column to the left. Over the next few weeks we’ll be finalizing the white papers for Acrobat 9 and I’ll be able to share more details on exactly what the Enhanced Security can do for you.