False Alarm (?) on posted "WARNING: Acrobat Not Secure!" Alert
According to Adobe, temp files are automatically cleaned up; but users continue to disagree
11 June 2002 | *Updated
By Kurt Foss, Planet PDF Editor
A well-intentioned member of the Planet PDF Forum (forum.planetpdf.com) sought to alert other users to a situation he deemed critical, headlining the 'Subject' of his post with an all-CAPS prefix and triple exclamation points: WARNING: Acrobat Not Secure!!!
Unfortunately, he also posted the warning in multiple topical conferences within the Forum, a practice that is highly discouraged -- it creates multiple threads on the same topic, which annoys many people who might be glad to offer an answer once, but not numerous times on the same exact theme.
Netiquette infraction aside, we felt it was important to have an official response from Adobe Systems on this matter, which we have received and now share below -- following the original post:
"Everybody who uses web served FDF files to populate PDF forms:
Anytime anything is downloaded from the Web into a PDF (this includes
FDF files), a temp file is created on the user's machine that contains
all their FDF data in plain text!!! Worse yet, the temp file is not
cleaned up when Acrobat Reader 5.0 is closed (from within a Web
browser). To find this file, make sure you have "show all hidden
files" turned on and search for "acr*.tmp" under Start
Menu>Search>Files or Folders... (it will show up in the temporary
internet files dir for the user logged in).
I handle sensitive data and I was considering using PDF technology,
but the data was too sensitive to be stored in plain text on a user's
hard drive. I can't use this until Adobe gets their act together and
fixes this bug (or is it a feature?) Please, Adobe, DELETE YOUR TEMP
Anybody have an opinion on this or a workaround???"
According to Adobe, this is not true; the official explanation:
"While Acrobat is open and running and a PDF is open, there is a temp file created. When the user quits Acrobat or Reader, this file is deleted. If Acrobat crashes and the file is 'left behind,' the next time that Acrobat launches, it will clean up these temp files.
If you have a pre-released version (beta, etc.) there is the potential for these temp files to 'hang around.' But in the released products, this is not the case."
Since we posted the initial news item above we've heard from Planet PDF Forum member Todd Anderson, who posted the original warning; he's now set up a demo Web site (www.medicine.wisc.edu/testpdf) intended to prove his assertion (and thus to disprove Adobe's explanation). Todd writes:
"I plan on putting together a website that proves that Adobe Acrobat
Reader 5.0 does leave an acr*.tmp file hanging around on the hard drive.
Of course, this will contradict Adobe's official response, and I really
DO like Adobe's technology, but I'm also a security/privacy advocate."
George Johnson, a Planet PDF Forum regular and PDF Forms expert, weighs in to support the contention made by Anderson, who's now agreed (Thank You!) to concentrate any future discussion on this issue solely in the PDF-Developers conference within the Forum. Johnson explains the problem and cause, and proposes a new Acrobat security setting:
> If you have a pre-released version (beta, etc.)
> there is the potential for these temp files to 'hang
> around.' But in the released products, this is not
> the case."
"The problem is they can indeed hang around after Acrobat *appears* to close. Again, when a PDF form is being viewed in a browser, Acrobat will create the FDF on disk when the PDF is closed. With no PDF being viewed or with the browser closed, Acrobat will remain loaded for some (undocumented and variable) amount of time. Acrobat will then auto-terminate, taking any temporary files with it. If Acrobat happens to be running outside of a browser (perhaps minimized), then it does not auto-terminate. The cached FDF remains on disk as long as Acrobat is running, visibly or otherwise."
"I have two security concerns. First is that the file remains on disk after the user appears to have closed Acrobat. Second is that the data in the FDF repopulates the form if it is reloaded. This is a concern mostly for machines that may be shared among several users or are otherwise unsecured. The reason Acrobat creates these temporary FDFs is to provide a feature that may be useful but in many cases is undesirable. One question I've addressed many times recently is how to deal with this unwanted behavior. Since neither the user nor the form creator has control over the creation of the FDF, the best you can do is user education and clear the form data when the form is opened, as demonstrated with: http://www.peakforms.com/pdfs/resetOnOpen.pdf." [PDF: 8kb]
"It's important to understand that this behavior is not required for the normal operation of online PDF forms, but rather exists to prevent unwanted data loss if a user exits a form and later returns."
Adobe's Roberto Perelman has posted a company response and clarification in the PDF-Developer conference of the Planet PDF Forum:
"The only reason .tmp files stick around after you close Reader, while a PDF is being displayed in the browser window, is because in reality Reader does not really exit (if it did, your browser window would go blank). Instead it stays running in the background."
"Once Reader really exits, which will eventually happen once you no longer are viewing any PDF docs in the browser, then all .tmp files really get deleted."
"Here's an experiment to prove this. After you've forcibly quit Reader, per your web page instructions, relaunch it (it will reappear instantaneously, since it already is running). Now exit the web page showing the PDF. Now quit Reader. The .tmp files get deleted."
"By the way, the browser itself also keeps files (which may contain sensitive data) in its own cache. Acrobat has no control over those files, even if they are Acrobat-related. Each browser has a policy for eventually recycling the files in its cache."
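A way to check a shared machine for the leftover files this discussion describes, as an added example that is not part of the original article or forum posts: it walks a directory for `acr*.tmp`, keeps the files that carry an FDF header, and lists field names without echoing their values. The sample file contents, the file names and the `inspect_tmp`, `scan` and `demo` helpers are constructed here, and the parser assumes uncompressed literal-string fields.

```python
import re
import tempfile
from pathlib import Path

# Literal-string /T (name) and /V (value) entries of an uncompressed FDF.
FIELD_RE = re.compile(rb"/T\s*\(((?:\\.|[^\\)])*)\)")
VALUE_RE = re.compile(rb"/V\s*\(((?:\\.|[^\\)])*)\)")

# Constructed sample data; not taken from any real form.
SAMPLE_FDF = (b"%FDF-1.2\n1 0 obj\n<< /FDF << /Fields [\n"
              b"<< /T (patient_name) /V (Jane Example) >>\n"
              b"<< /T (ssn) /V (000-00-0000) >>\n"
              b"<< /T (notes) /V () >>\n"
              b"] >> >>\nendobj\ntrailer\n<< /Root 1 0 R >>\n%%EOF\n")

def inspect_tmp(path, max_bytes=1_000_000):
    """Return a finding if the file carries FDF data, else None."""
    data = path.read_bytes()[:max_bytes]
    if b"%FDF-" not in data[:1024]:      # FDF header, e.g. %FDF-1.2
        return None
    names = [n.decode("latin-1") for n in FIELD_RE.findall(data)]
    filled = sum(1 for v in VALUE_RE.findall(data) if v)
    # Names and a count only: the report must not copy the form values.
    return {"path": str(path), "fields": names, "filled_values": filled}

def scan(root):
    """Walk root for acr*.tmp (case-insensitive) holding FDF data."""
    findings = []
    for p in Path(root).rglob("*"):
        if not (p.is_file() and re.fullmatch(r"acr.*\.tmp", p.name, re.I)):
            continue
        try:
            hit = inspect_tmp(p)
        except OSError:
            continue                     # e.g. still locked by the viewer
        if hit:
            findings.append(hit)
    return findings

def demo():
    """Build a constructed cache directory and scan it."""
    with tempfile.TemporaryDirectory() as d:
        cache = Path(d) / "Temporary Internet Files"
        cache.mkdir()
        (cache / "Acr1A2B.tmp").write_bytes(SAMPLE_FDF)
        (cache / "acr9999.tmp").write_bytes(b"%PDF-1.4\n")  # not FDF
        (cache / "other.tmp").write_bytes(SAMPLE_FDF)       # name mismatch
        return scan(d)
```

Run `scan()` against the logged-in user's temporary-files directory after the viewer appears to have closed; a non-empty result means form data is still on disk.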
If you want to contribute to the discussion, please continue the thread in the PDF Developers conference in the Planet PDF Forum. You can read Forum messages without registering, but you must become a member (free) to post messages.