We have an application that stores PDF documents in Oracle in a BLOB column. The documents get a certifying signature before they are first added to the database. They then get pulled out and displayed to the user in an embedded Acrobat 7 or 9 Control in a C# application. In there the user signs a Signature field and the database is Updated with the new version. There can be several users who each sign the document in turn in preconfigured Signature Fields.
There is a security issue since the link between the front end application and the database is a WebService, so the public Update method on the web service could be used to change a PDF to something completely different thus invalidating the supposedly secure storage.
If we could do that we could confirm that the document is "the same" as the original before doing the update.