8 Replies Latest reply on Jan 28, 2012 11:22 AM by Dave Merchant

    PDF Security is Comprimised

    tea512sunpride2000 Level 1

      We have been making PDF and using the security so they can be viewed online ans notr printed or downloaded. This function works great for Adobe Reader Users. We have now found if someone uses Adobe Acrobat Pro 9 or CS 5.5 (Adobe 10) they have a save function. More than likely it has been there the whole time. The new hover over menu is dispalyed on the bottom of the screen with a save function. This could spell the ned of Adobe as we may need to go to a flash solution. I thought I would throw it out here to see if anyone can put us in the right direction.



        • 1. Re: PDF Security is Comprimised
          EnterpriseHelp Adobe Employee

          Can you clarify your workflow? What version and what product are you creating the PDF with and with what version are you reading it with. If you are seeing a dark grey menu bar at the bottom when you hover in that area, then you are viewing the PDF with a 10.x version and not a 9.x version.



          • 2. Re: PDF Security is Comprimised
            George_Johnson MVP & Adobe Community Professional

            If you make a PDF available on a web server, there is no way to prevent someone from saving a copy of the document. It is in fact downloaded to a user's machine when it is viewed in a browser or otherwise. Some systems are set up to not display a PDF in a browser, or are not capable of doing so, in which case it's automatically downloaded when requested.

            • 3. Re: PDF Security is Comprimised
              tea512sunpride2000 Level 1

              These are created by multiple users using different versions of Adobe 8.x, 9.x, 10.x. You are correct we only noticed this because the save feature in 10.x (dark grey menu) was seen. This means anyone with that version can save our documents, thus the problem.

              Is there any way to disable that, we do not want the end user to able to download and save the file.


              We are not naive we know everything that is displayed can be copied, we are trying to make a reasonable attempt to stop it, per the lawyers telling us what is acceptable.



              • 4. Re: PDF Security is Comprimised
                EnterpriseHelp Adobe Employee

                George is correct. What your asking for has never existed in any product. There is no way to prevent downloading, copying with other software like Windows Explorer, or saving. Perhaps the reason you think something has changed is because the Read Mode feature is new (menu appears on hover). However, even before that feature was introduced, there was a Save button on the main toolbar at the top.


                If you let people view the file, the simple fact is there is no security on the file.


                If you want true security, use Password or Cert security.



                • 5. Re: PDF Security is Comprimised
                  tea512sunpride2000 Level 1

                  Thanks all for you help but we do have this control. The file is being created with Adobe Acrobat Security which is password protected against printing. The nthe file is uploaded to a web server that only allows you to open in Adobe.   When on the Security tab if we check these two boxes.



                  This only leave a menu bar on the right in the reader there is no save as function and it is not in a browese. As stated before I know there are snipit, screen capture, and many way to copy the file.


                  My problem is this issue of the grey box that over rules these options I have checked. This seems to be only a version 10.x issue. My question is there a way to disable that. The site is protected as we know the 100 people that are looking at the files we just cannot be sure how many of them are using the full product as opposed to the reader.


                  Just wanted to clarify a little more, looks like we do not need to spend money on Adobe Acrobat licenses anymore as we have to move to flash.

                  • 6. Re: PDF Security is Comprimised
                    Bernd Alheit Adobe Community Professional & MVP

                    All files can be savied and copied, also flash.

                    • 7. Re: PDF Security is Comprimised
                      Steven.Madwin Adobe Employee

                      Hi tea512,


                      The concept behind the "Hide menu bar" and "Hide toolbars" checkbox isn't to prevent the end-user for seeing them, but rather to prevent them from displaying when the file is initially opened. The user has always had the ability to hide and show both the menu and toolbars using the F9 & F8 function buttons respectively. Even if you encrypt the file, all that would do is prevent the user from changing the checkboxes (thus changing the initial view), but it doesn't prevent the user form toggling the controls on and off. You as the document author only get to control what the user does to the document, not control the application's chrome (chrome are all of the controls around the PDF display). What you are trying to do is akin to trying to control the zoom level, it's just not something you have control over on someone else's machine.


                      It's been mentioned above, but the ability to save the file from the server to the client machine has always been there. Maybe you made it harder for the user to find the Save button by hiding the old style toolbar, but the user could always get the toolbar back using the F8 key. Yes the HUD toolbar always displays when you mouse over it, and yes it is different behavior than you get with the old style toolbar, but in the end all of the functionality remains the same regardless of which version of Acrobat/Reader the end-user is using to view the file.



                      • 8. Re: PDF Security is Comprimised
                        Dave Merchant MVP & Adobe Community Professional

                        You seem to be under the impression that either of these concepts are actually secure; they are not.


                        A permissions rule on a PDF file (such as disabling printouts) is honored by Adobe products, but a lot of third-party PDF viewing software will  allow everything, plus it's trivial to remove. The permissions settings are purely a request to compliant software, and there's nothing to stop software vendors from ignoring them.


                        You also cannot control the software used by a remote client to view a password-protected file - a webserver has no idea what the client computer is using aside from the ident string in the HTTP request headers, and those are trivial to change.


                        If you require true security, then you must use a DRM-based solution such as LiveCycle Rights Management (part of ADEP). PDF files protected with LCDRM cannot be opened in non-Adobe products, so any rights you limit are guaranteed to be respected (even though they are still only a request) - you can also control access using the identity of the recipient, so while the file can still be saved, only authorized users can open it.



                        tea512sunpride2000 wrote:


                        The file is being created with Adobe Acrobat Security which is password protected against printing. The nthe file is uploaded to a web server that only allows you to open in Adobe.