4 Replies Latest reply on Aug 3, 2011 1:37 AM by ChristianPam

    Security topic of FDF and PDF

    ChristianPam Level 1

      Hello,

       

      i'm developing a website that generates a pdf and fdf and offers both for the user by opening a link like that:

       

      http://domain/test/formular.pdf#FDF=http://domain/test/fdfcreator.php?id=5mp68ues6ikfu6t2r kohg41182

       

      But when you open it in browser the yellow security bar appears and you have to add the site as a trusted host.

       

      I don't want to tell the user to add the site as a trusted host.

      I've already tried to load a crossdomain.xml by using "app.loadPolicyFile('http://domain/test/crossdomain.xml');" in FDF and PDF.

      The crossdomain.xml is unsecure as possible just for testing:

      <?xml version="1.0"?>
      <!DOCTYPE cross-domain-policy SYSTEM
      "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
      <cross-domain-policy>
      <site-control permitted-cross-domain-policies="all"/>
      <allow-access-from domain="*" secure="false"/>
      <allow-http-request-headers-from domain="*" headers="*" secure="false"/>
      </cross-domain-policy>
      

       


      What else can i do or try?

       

      i'm frustrated :-(