PDF In-Depth

Unauthorized access to secure PDF content: Everywhere you look?

April 20, 2006


Is PDF living up to Adobe's one-time claim of being "Everywhere you look"? At first glance, it looks as though that statement may be truer than was originally intended, thanks to the 500-pound gorilla of Internet search. The most public "private" beta this writer has ever encountered -- Google's "Gmail" email service -- offers a "View as HTML" function that may circumvent usage restrictions on some PDF documents.

Shock, horror! Whatever shall we do?

Security, and particularly PDF security, is a hot topic that rears its head every once in a while -- the glitch behind this latest round of controversy seems to have been uncovered by a vigilant blogger on April 18. The first scare I encountered was when a little-known company called Elcomsoft claimed to have broken Adobe's PDF security handler (true, by the way). What followed was nothing short of a circus, with Adobe officials and US federal agents both involved in the arrest and detention of a young Russian security specialist who was hapless enough to have his name included on a product splash screen. Planet eBook (a now-defunct sister site to Planet PDF) first broke the story in mid-July, 2001.

Basically, the story amounted to this: Dmitry Sklyarov -- the aforementioned security specialist -- worked for Elcomsoft. Elcomsoft had produced and sold products designed to break PDF security, which it claimed violated fair use guidelines in its native Russia. In the US, however, Adobe claimed that the software violated the then newly-minted DMCA (Digital Millennium Copyright Act). The FBI agreed. The problems really started when Elcomsoft tried to sell its product into the US market. After that, it all hit the fan when Sklyarov was nabbed on the way out of a conference in the US. Ultimately, Sklyarov was released, and Elcomsoft's password-retrieval and other products are available for sale. If you want the full story, check Planet PDF's complete archive.

Now to the issue at hand: when some PDF files are received in Gmail and the "View as HTML" link is selected, the full text of the document can display as HTML -- even if the original PDF is secured against "Content Copying or Extraction". This is obviously dangerous for document creators who have posted their content but don't want users to print, copy or extract the text of their PDF documents. In my testing, I could only reproduce the error with PDF files that were both set to "Acrobat 5.0 and later" compatibility and did not require a password to be opened. Given that Google's online search engine doesn't seem to have this problem, it's possible that this hole will soon be patched. Consequently, the scope of the problem seems to be somewhat limited. That said, it may be worth either bumping relevant files up to Acrobat 6.0 compatibility or adding an Open Password in the spirit of the "Better safe than sorry" principle.

What this does highlight, though -- and there's a heated discussion going on right now in the Planet PDF Forums about this -- is that respecting security permissions on a PDF file (other than the Open Password) is something that must be done on an "honor" basis by the application.
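The usage restrictions discussed above are stored as a bit field (the /P entry) in the PDF's /Encrypt dictionary, which the viewing application reads and then chooses to honor. The following is an added example, not code from the original article, that reports which actions a file asks viewers to deny; the sample bytes and function names are constructed for illustration, and the regex scan assumes an uncompressed /Encrypt object.

```python
import re

# /P permission bits of the PDF standard security handler. Bit n (1-based)
# has value 1 << (n - 1); a set bit means the action is allowed.
PERMISSION_BITS = {
    3: "print", 4: "modify contents", 5: "copy or extract content",
    6: "add or modify annotations", 9: "fill in form fields",
    10: "extract for accessibility", 11: "assemble document",
    12: "print in high quality",
}

# Constructed sample: an /Encrypt object as it might appear in a file with
# printing and content copying disallowed (/O and /U values are dummies).
SAMPLE_PDF = (b"%PDF-1.4\n7 0 obj\n<< /Filter /Standard /V 2 /R 3 /Length 128\n"
              b"/O <" + b"00" * 32 + b"> /U <" + b"00" * 32 + b"> /P -2072 >>\n"
              b"endobj\ntrailer\n<< /Encrypt 7 0 R >>\n")

def find_standard_handler(pdf_bytes):
    """Return (revision, signed /P) of the standard security handler, or None."""
    # Simplification: scans uncompressed 'obj ... endobj' bodies with regexes
    # instead of parsing the full PDF object grammar.
    for body in re.findall(rb"\bobj\b(.*?)\bendobj\b", pdf_bytes, re.S):
        if re.search(rb"/Filter\s*/Standard\b", body):
            rev = re.search(rb"/R\s+(\d+)", body)
            perm = re.search(rb"/P\s+(-?\d+)", body)
            if rev and perm:
                return int(rev.group(1)), int(perm.group(1))
    return None

def audit_permissions(pdf_bytes):
    """List which actions the file asks viewers to allow or deny."""
    found = find_standard_handler(pdf_bytes)
    if found is None:
        return {"restricted": False, "revision": None, "allowed": [], "denied": []}
    revision, p_signed = found
    p = p_signed & 0xFFFFFFFF  # /P is stored as a signed 32-bit integer
    # Revision 2 handlers define only bits 3-6; bits 9-12 apply from revision 3.
    bits = [b for b in PERMISSION_BITS if b <= 6 or revision >= 3]
    allowed = [PERMISSION_BITS[b] for b in bits if p & (1 << (b - 1))]
    denied = [PERMISSION_BITS[b] for b in bits if not p & (1 << (b - 1))]
    return {"restricted": bool(denied), "revision": revision,
            "allowed": allowed, "denied": denied}

if __name__ == "__main__":
    # The flags are requests to the viewer, which decides whether to honor them.
    print(audit_permissions(SAMPLE_PDF))
```

A publisher can run a check like this over outgoing files to see which restrictions depend entirely on the recipient's software respecting them.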

Anyway, that's all from me for now. Until next time...

What are your thoughts on PDF security? Let us know in the Planet PDF Forum's Talkback Conference.
