Re: PDF security

Hello, rrx3@xxxxxxx!
You wrote on Fri, 02 Jun 2006 11:02:38 GMT:

r> I am aware of the security features for protecting PDFs from within
r> Acrobat. I wondered if anyone used anything 'better' or more secure?

PDF security is standardized, i.e. all the existing PDF implementations use
the same security algorithms.

r> I publish a magazine, and wish to allow printing, but not allow any
r> changes to the original file.

This can be easily made by almost all implementations using standard PDF
security. However, please note, that usage rights specified in the document
can be easily bypassed by 'unhonest' viewer (the information itself is not
protected from printing/editing, so there's no possibility to prevent these
operations from using by unhonest software).

r> It would be good to limit the amount of times the file is printed (file
is emailed not downloaded).

It's not supported by PDF specification.

r> I practised on a file which was password saved. The utility on this site
r> (http://www.verypdf.com/) managed to bypass this easily.

As I said, all the usage rights security options work only with 'honest'
viewers (please note, that I *do not* say that the software you mentioned is
bad or somehow non-legal -- it's a lack of PDF security rather than a hack
of software. I just call the software 'honest' if it works according to the
recommendations mentioned in PDF specification).

I think that the most secure solution for you is to certify your magazine
with digital certification, so-called MDP (modification detection and
prevention) signature. It will allow you to protect your document from
changing/printing by specifying the needed usage rights. Also, certification
uses asymmetric cryptographic operations which are more secure that
symmetric (password) ones.

With best regards,
Innokentiy Ivanov
EldoS Corporation
---
SecureBlackbox -- feel safer with comprehensive Internet security components


.

Relevant Pages

  • [UNIX] GV Execution of Arbitrary Shell Commands (Additional details)
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... which is a PostScript and PDF language interpreter. ... Unfortunately, these commands contain the filename, which can be ... that causes execution of arbitrary shell commands when it is read with GV. ...
    (Securiteam)
  • Re: 867801 Website Page Display
    ... The PDF bit is a red-herring since the problem is actually due to ... the inability to spawn a new secure page which does the actual PDF output. ... the java console). ... I guess the same sophisticated security expertise that gave us ...
    (microsoft.public.windowsupdate)
  • [UNIX] Exploitable Buffer Overflow in gv
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... The gv program is a PDF and postscript-viewing program for UNIX ... Disclosure timeline: ... The following is a PDF file that once opened by the program will cause the ...
    (Securiteam)
  • RE: Access 03 vs 07 vs SQL Server
    ... It's split, with user security (Admins, Full-Data ... As far as the "pointers" go, just save the pdf location, not the file ... Keep the pdfs on a secure drive. ... Alias "ShellExecuteA" (ByVal Hwnd As Long, ByVal lpOperation As String, _ ...
    (microsoft.public.access.security)
  • [NEWS] Acrobat PDF Protection is not Very Secure
    ... Acrobat PDF Protection is not Very Secure ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Acrobat to protect their documents. ...
    (Securiteam)