11 Replies Latest reply on Nov 26, 2012 11:15 AM by MadMich

    Text tool bypasses security

    MadMich Level 1

      When signing a document some of my fields are set to 'read only' using a document level JavaScript.

       

      But if you select these fields with the text selection tool you can change them?

       

      Anyone else seen this issue and more importantly know a fix? I am using Acrobat 8 - X to test and all do the same.

       

      Thanks in advance.

       

       

      I have uploaded an example here:

      https://workspaces.acrobat.com/?d=Rzr2p*X6ZjsjdQvamrxrqw

        • 1. Re: Text tool bypasses security
          Dave Merchant MVP & Adobe Community Professional

          The form-filling process will abide by a scripted read-only setting, but unless the file is encrypted, Acrobat's editing tools can change anything.

          • 2. Re: Text tool bypasses security
            Test Screen Name Most Valuable Participant

            Equally, if you haven't set document security, the user could go into form design and change whatever they wanted.

            • 3. Re: Text tool bypasses security
              MadMich Level 1

              Thanks for the reply. On this advice...

               

              I set the password security to Encrypt all document content.

              I have also restricted permissions to fill in form fields and existing signature fields.

               

              I can still modify the text box content with the text selection tool?

              • 4. Re: Text tool bypasses security
                gkaiseril MVP & Adobe Community Professional

                You have not updated the copy of the form in memory until you close the PDF and reopen it.

                • 5. Re: Text tool bypasses security
                  MadMich Level 1

                  Thanks for the reply, but I am aware of this.

                   

                  I have closed the pdf and reopened it and I am still able to modify the field content with the text selection tool?

                   

                  Please see the signed version I have uploaded and try modifying the field yourself, you shouldn't be able to do it as the field is set to readonly once signed!

                  https://workspaces.acrobat.com/?d=SMK7SsXwEowjnJ4KzN3dIA

                   

                  Unless there is some other encryption I'm missing I don't know what I am doing wrong.

                  • 6. Re: Text tool bypasses security
                    George_Johnson MVP & Adobe Community Professional

                    I tried accessing the document, but it doesn't look like you published it so that anyone can access it.

                    1 person found this helpful
                    • 7. Re: Text tool bypasses security
                      MadMich Level 1

                      Sorry George, try now, I have published both links now.

                      • 8. Re: Text tool bypasses security
                        George_Johnson MVP & Adobe Community Professional

                        This is definitely a bug! What you haven't said is that there is a code attached to the Mouse Down event of the text field that ultimately causes the field value to change, depending on which item the user selects from the popUpMenu. Since the field is read-only, the code should NOT be getting triggered, and the fact that it does is a big bug. You could modify the code so that it doesn't execute if the field is read-only, but this still should be fixed.

                         

                        I once tried to bring up an issue where the text select tool copies the field value rather than the formatted value, and this was brushed off. I hope you have better luck. The fact is the read-only flag is really a "Do not allow interaction with the user" flag according to the PDF spec, so you have a very strong case that this should not be happening. Please report this!

                         

                        Edit: changed "...the code should be getting triggered..." to "...should NOT be getting triggered..."

                        • 9. Re: Text tool bypasses security
                          MadMich Level 1

                          Thanks for the feedback, thought I was going insane!

                           

                          I work with a high end security area and need to fix this so I will report it.

                           

                          I did fix this previously by changing the type of field to a selection field, this seems to fix it but means I have to go back and rewrite some of my script.

                          • 10. Re: Text tool bypasses security
                            George_Johnson MVP & Adobe Community Professional

                            The way you chose to do this is a bit unusual. I would have been inclined to use a button to trigger the script on Mouse Up, and place the response in a read-only text field. You can leave it as a text field and just do a check to see if the field is set to read-only, and only proceed with the rest of the script if it isn't.

                             

                            When you report this, leave any talk of security out of it as it may just confuse the issue. Security has nothing to do with it. The issue is the behavior of text fields (and maybe other field types as well) that are set to read-only that respond to mouse actions when the Select Text tool is active. Any scripts simply should not be getting triggered when the field is set to read-only.
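
The read-only check suggested in replies 8 and 10, as an added example (not code from the thread or from the uploaded form). The function names, the `Status` field, the menu items and the stand-in `doc`/`app` objects are assumptions made for illustration; `readonly`, `value`, `getField` and `popUpMenu` are the Acrobat JavaScript members the thread refers to.

```javascript
// Added example. Handlers are plain functions so they run in Acrobat and,
// with the stand-in objects below, under Node. Names are hypothetical.

// Document-level helper: set the named fields read-only (e.g. after signing).
function lockFields(doc, names) {
  for (var i = 0; i < names.length; i++) {
    var f = doc.getField(names[i]);
    if (f) f.readonly = true;
  }
}

// Mouse Down handler with no guard: the value changes whenever the event fires.
function unguardedMouseDown(field, appObj) {
  var choice = appObj.popUpMenu("Approved", "Rejected", "Pending");
  if (choice !== null) field.value = choice;
}

// Same handler with the read-only check: bail out before showing the menu.
function guardedMouseDown(field, appObj) {
  if (field.readonly) return false;
  var choice = appObj.popUpMenu("Approved", "Rejected", "Pending");
  if (choice === null) return false; // menu dismissed without a selection
  field.value = choice;
  return true;
}

// Constructed stand-ins for Acrobat's doc and app objects (testing only).
function makeDoc(values) {
  var fields = {};
  for (var name in values) {
    fields[name] = { name: name, value: values[name], readonly: false };
  }
  return { getField: function (n) { return fields[n] || null; } };
}

// Lock the field, then deliver a Mouse Down anyway, as the thread reports
// happening with the text selection tool. Returns the field's final value.
function simulate(handler) {
  var doc = makeDoc({ Status: "Approved" });
  var fakeApp = { popUpMenu: function () { return "Rejected"; } };
  lockFields(doc, ["Status"]);
  handler(doc.getField("Status"), fakeApp);
  return doc.getField("Status").value;
}
```

In the field's Mouse Down action the call would be `guardedMouseDown(event.target, app);`.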

                            • 11. Re: Text tool bypasses security
                              MadMich Level 1

                              I hear what you are saying George, the scripts I use are a lot more complex than the one I have shown here, I just wanted to get the point across as easily as possible. I will look into your suggestion though and check the field is set to read-only.

                               

                              I sent the report off a few hours ago.