Planet PDF: the home of the PDF community
Planet PDF: the home of the PDF community
Quick PDF Library

Archive 		Planet PDF Forum
Find Software and ServicesPDF EventsNewslettersFreeAboutSite MapOur Sponsors

Planet PDF Forum Archive

Planet PDF ForumThe page you are viewing is part of our 160,000 page PDF discussion forum archive spanning 1999-2008. Would you believe we have a 2nd forum archive which covers 2008 - 2011? But... if you really want to bust-a-move head to the LIVE Planet PDF Forum. It features more than 10 conferences, covering everything from beginner discussions to in-depth developer and pre-press discussions.


How to search this archive. The quickest way is to use the filters on our Advanced Search page so that only archive pages are included in the results.


Previous | Next | (P-PDF) Acrobat 6.0

Topic: Re: Effective security in Acrobat 6 (Via Email)
Conf: (P-PDF) Acrobat 6.0, Msg: 109423
From: prodok
Date: 4/12/2004 11:03 PM

There have been PDF viewers out there which simply ignored the security

settings within a PDF document. And these security settings concerned
were essentially the base settings (no printing, no modification,
etc.). In order to circumvent these settings, you won't need much in
your software, as long as you can open the document.

However, in the meantime, there is apparently some understanding among

the third-party PDF viewer makers to respect these settings.

The Elcomsoft approach is essentially to modify an already open
document. In order to display a document, you will at one time have to

open, and to expose its contents. This means that this point is the
place where anything can be attacked (if that term is appropriate). In

order to prevent that, you would have to make write-only documents.

If the document has an opening password, the Elcomsoft software does
rely on the user to provide that password. Otherwise, it has to use the

brute-force approach, which takes more than exponentially more time the

longer the opening password is. And if you add some extra characters,
even the dictionary search approach (which is a considerable speedup)
will fail.

It gets even more extreme with a document which uses digital
signatures/certificates for protection. Without the private key, whose

public key has been used to encrypt the document, such documents can
not be opened. Period. Well, unless you apply the Brute Force method
... and considering the length of the keys, you will need some little
time to get beyond that. However, once the document is opened for
viewing, you do have access to it.

This also applies for any kind of third-party securing software. I know

of solutions which actually verify first if any known "protection
removing" software is installed on the user's machine, and, if so, they

simply refuse to work.

That said, it will depend a lot on what you want to secure. You will
have to make up your mind about the risks to your documents, which
includes the potential damage if the security is broken. And then, you

might notice that all of a sudden, the highest risks come from your
legitimate users... So, you have to do your homework, and then decide
what is the most appropriate approach. You always have to keep in mind

that any kind of security can be broken; it is simply a matter of
resources needed to do it.

Now, why does Adobe put that disclaimer on their website. This is easy

to understand. Considering the fact that Adobe is a
beancounter/lawyer-run, publicly traded USAn corporation, they simply
protect their asses with that disclaimer ... in order to prevent from
being sued by other greedy lawyers (and their even greedier clients)...

simple, isn't it... Ah, yeah, and it is of course always the others
which do not play fair...



Max Wyss
PRODOK Engineering
Low Paper workflows, Smart documents, PDF forms
CH-8906 Bonstetten, Switzerland

Fax: +41 1 700 20 37
or +1 815 425 6566
e-mail: mailto:max@prodok.com
http://www.prodok.com



[ Building Bridges for Information ]


______________________



Shameless Plug:

My next conference appearances and workshops:
• Conference presentations at the 2004 Symposium of the BFMA, May 23
to
27 in Reno, Nevada (http://www.bfma.org) and pre-/post-conference
workshop, May 22/23 and 27, organized by essociates Group
(http://www.essociatesgroup.com/AdvancedAcrobatForms.htm)
• And, as always, available for on-site
workshops/tutorials/consulting.


_________________________




> Given Adobe's comments that '3rd party products may not respect
> security...'
>
> Am I right in thinking that the only way to ensure that a PDFis e.g.

> not printable is to use both an Open and a Restrict password with the

> PDF (and thinking about that, would the Elcomsoft stuff even get round

> that if the user had the Open password?)
>
> Restriction by digital certificate recipient looked great - until I
> saw the disclaimer by Adobe on 3rd party stuff.
>
> Is the bottom line, you have to get a 3rd party product for securing

> PDFs effectively?
PDF In-Depth Free Product Trials Ubiquitous PDF

LockLizard Safeguard PDF Security

Made specifically for publishers of high value information published in PDF format, it protects your PDF...

Download free demo

ARTS PDF Aerialist X

The ultimate plug-in for Adobe Acrobat. Advanced splitting, merging, stamping, bookmarking, and link...

Download free demo

Ubiquitous PDF: DIY PDF magazines, courtesy of CNET and Magazinify

Thanks to Magazinify.com, it's possible to have web articles delivered right to your inbox in PDF form. If that weren't enough, the nice folks at CNET have been nice enough to publish a step-by-step guide about how to set this all up using just a little time and a free Magazinify account.

September 06, 2011
Search Planet PDF
more searching options...
PDF Resources
Platinum Sponsor

ARTS PDF

Create & Edit PDF - Nitro PDF Software
Silver Sponsors

LockLizard DRM PDF Security Quick PDF Library: The Unrivaled PDF Developer Toolkit

Featured Product

ARTS PDF Crackerjack X

The most popular Acrobat plug-in for PDF-based color print production and automation.
Featured Event

Adobe Digital Marketing Summit

March 20-23, 2012 -- Salt Palace Convention Center, Salt Lake City, Utah

The Digital Marketing Summit is the premier event for digital marketers and advertisers to learn about and share key strategies for driving marketing innovation. Attend Summit to learn how you can create, measure, and optimize digital experiences to revolutionize how the world engages with ideas and information.

PDF Store Categories

Advertise | Submit news | Newsletters | About | Contact | Site Map | Forum Archive
  Planet PDF RSS Feeds | Find PDF Software | Free PDF eBooks

To connect with us, read Debenu's Blog, follow debenu on Twitter, or join the Debenu LinkedIn group. Planet PDF, PDF Store, Debenu and ARTS PDF are all © 2010 Debenu Pty Ltd (and formerly owned by Nitro PDF Software. All Rights Reserved. Privacy

 Planet PDF