1. Manuals
  2. Brands
  3. Adobe Manuals
  4. Software
  5. 12001196 - Acrobat - Mac
  6. Manual

Adobe 12001196 - Acrobat - Mac Manual

Application security guide
Hide thumbs Also See for 12001196 - Acrobat - Mac:
Table of Contents

Advertisement

Quick Links

Download this manual
Acrobat
Application Security Guide
(all versions)
Acrobat® Family of Products

Advertisement

Table of Contents
loading

Related Manuals for Adobe 12001196 - Acrobat - Mac

Summary of Contents for Adobe 12001196 - Acrobat - Mac

  • Page 1 Acrobat Application Security Guide (all versions) Acrobat® Family of Products...
  • Page 2 Adobe Systems Incorporated. Please note that the content in this guide is protected under copyright law even if it is not distributed with software that includes an end user license agreement.

  • Page 3: Table Of Contents

    Contents 1 Application Security Overview 2 Protected View 2.1   Overview 2.2   Configuration 2.2.2   Trust overrides 2.3   Unsupported configurations 2.4   FAQs 3 Protected Mode 3.1   Overview 3.2   Changes across releases 3.3   Configuration 3.3.2   Trust overrides 3.4   Read policy changes for 11.0 3.4.2   User experience 3.5   Unsupported configurations 3.6   FAQs 4 Enhanced Security 4.1   Feature interaction 4.2   Changes across releases 4.3   Configuration 4.4   Trust overrides...
  • Page 4 5.9   Certified document trust 5.10   JavaScript invoked URLs 5.11   JavaScript injection 5.12   Workflow changes by version 5.12.3.2   Overview 6 Attachments 6.1   Black lists and white lists 6.2   Configuration 6.3   Blacklisted extensions 7 Cross Domain Configuration 7.1   Cross domain basics 7.1.6   User experience 7.2   Policy file configuration 7.3   Certificate-based permissions 7.4   Server configuration 7.5   Calling policies via JavaScript 7.6   Troubleshooting 8 External Content Access 8.1   Internet access...

  • Page 5: Application Security Overview

    Adobe provides a security model designed to help you protect your environment from security attacks. You should explore the options for tuning applications for the desired security level. The big picture is...
  • Page 6 Receive alerts about vulnerabilities and updates. Incident Response Team Blog Get news and pre-notification of updates about all Adobe products. Secure Software Eng. Team Blog Track news and events from Adobe and the security software industry. Section 1   Application Security Overview Page 2...

  • Page 7: Protected View

    PV is another defense-in-depth feature that is tightly integrated with the existing enhanced security feature. PV in Acrobat leverages the successful sandbox implementation already in place for Adobe Reader while providing a user experience that should be familiar to Microsoft Office 2010 users.
  • Page 8 Section 2   Protected View Application Security Guide Acrobat displays a warning bar at the top of the viewing window. In this state, many of Acrobat's features that interact with and change the document are disabled and the associated menu items are greyed out in order to limit user interaction.

  • Page 9: Configuration

    In addition to enabling logging via the UI (above), you can turn on logging and configure a log file location via the registry. To enable logging, specify a log file location: 1. Go to HKEY_CURRENT_USER\Software\Adobe\Adobe Acrobat\10.0\Privileged. 2. Right click and choose New > REG_SZ Value. Section 2   Protected View...
  • Page 10 Configurable policies have two requirements: • They must reside in the Reader install directory adjacent to the AcroRd32.exe in the install folder: D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\ • The name of the policy file must be ProtectedModeWhitelistConfig.txt. 2.2.5.1 Enabling custom policies To allow the application to read and use a policy file, registry configuration is required.

  • Page 11: Unsupported Configurations

    Unsupported configurations for Acrobat running in Protected View change across releases as the product evolves. For example, Protected Mode supports Citrix and Windows Terminal Services deployments with 10.1. For a list of unsupported configurations and workarounds, see http://kb2.adobe.com/cps/860/cpsid_86063.html. Protected View: Unsupported configuration dialog 2.4 FAQs...
  • Page 12 The current release includes support for the following: • Adobe Acrobat 10.1 or later. • Windows 32 and 64 bit platforms, including XP SP3. Adobe's initial efforts focus on hardening its Windows products because there are more Windows users and Windows applications with proven sandboxing implementations.

  • Page 13: Protected Mode

    For application developers, sandboxing is a technique for creating a confined execution environment for running untrusted programs. In the context of Adobe Reader, the "untrusted program" is any PDF and the processes it invokes. When Reader sandboxing is enabled, Reader assumes all PDFs are potentially malicious and confines any processing they invoke to the sandbox.

  • Page 14: Changes Across Releases

    2. In the Application Startup panel, check or uncheck Enable Protected Mode at startup. 3. When the dialog appears asking if you would like to continue, choose Yes. This preference sets: [HKEY_CURRENT_USER\Software\Adobe\Acrobat Reader\10.0\Privileged] "bProtectedMode"=(0 = off; 1 = on) 1. Choose whether or not you would like to have a log file created.

  • Page 15: Trust Overrides

    None. PM is designed to protect users transparently and without impacting other features. 3.3.3 PM and shell extensions While Protected Mode can be disabled for PDFs viewed with the product, Adobe continues to protect you when 3rd party software invokes a Reader process; that is, Protected Mode sandboxing cannot be disabled for shell extensions.

  • Page 16: Creating Policies

    Configurable policies have two requirements: • They must reside in the Reader install directory adjacent to AcroRd32.exe in the install folder. for example: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\ • The name of the policy file must be ProtectedModeWhitelistConfig.txt. 3.3.7.1 Enabling custom policies To allow the application to read and use a policy file, registry configuration is required.

  • Page 17: Protected Mode Policy Rules

    In Reader 11 Protected Mode, the sandboxed AcroRd32.exe process only has read access to those files and folders under the %USERPROFILE% for the following: 1. The correct functioning of Adobe Reader itself; for example %appdata%\Adobe\Acrobat\11.0\*. 2. PDFs explicitly opened by the user via the File Open dialog or double-clicking.

  • Page 18: User Experience

    Section 3   Protected Mode Application Security Guide BUILTIN\Users groups read access is not protected with read-restrictions. Other folders such as the per-user profile folder that don't grant such an access are protected. Note that many user-account protected network shares don't grant access to everyone. So, again, those would be protected. 3.4.2 User experience There is no UI to turn read-restrictions on or off: this feature is an enhancement to the existing Protected Mode feature and is always enabled as part of it.

  • Page 19: Unsupported Configurations

    Protected Mode. Note "Adobe Reader cannot open in Protected Mode due to a problem with your system configuration. Would you like to open Adobe Reader with Protected Mode disabled?"...

  • Page 20: Faqs

    Is Reader X on Mac OSX less vulnerable? While Protected Mode is not available for Macintosh, Adobe has not seen any targeted attacks against Unix and Mac Reader so far.
  • Page 21 Plug-ins will not be able to write log files to non-whitelisted locations. They can continue to write logs to the Temp directory (as returned by GetTempPath() Windows API or equivalent Acrobat API). Another white-listed location is Adobe Reader's own appdata area. Does the Protected Mode impair a PDF's ability to access trusted web sites? Can I still save Acrobat forms on my own computer? Yes.
  • Page 22 What is the user experience like for screen readers invoked via viewing a PDF in the browser? Most accessibility features work. In some cases they do not work on XP. For a list of known issues, see http://kb2.adobe.com/cps/860/cpsid_86063.html. Why do we see 2 Reader processes in the Task Manager with the same name? The Reader X application now has 2 processes: one for the target (sandbox) and the broker.
  • Page 23 Application Security Guide Section 3   Protected Mode One option is to add custom policies to bypass protected mode restrictions. Can plug-in developers write their own broker? No, we do not currently provide the option for developers to write their own brokers, but we may do so for future releases.

  • Page 24: Enhanced Security

    Section 4   Enhanced Security Application Security Guide 4 Enhanced Security Introduced in version 9.0 and enabled by default for the 9.3 and 8.2 updates, enhanced security "hardens" your application against risky actions by doing the following for any document not specifically trusted: •...

  • Page 25: Configuration

    The following preference rules apply irrespective of the user's platform: • Windows, Macintosh, and UNIX platforms use similarly named keys. • When configuring paths, use your product (Adobe Acrobat or Acrobat Reader) and version (9.0 or 8.0). • For 8.x, only one key (bEnhancedSecurityStandalone) controls behavior for both standalone and browser modes.
  • Page 26 Before continuing, install some plist editor such as PlistEdit Pro. Change the root path to reflect the product (Acrobat or Reader) and version number (9.0 or 8.0) you are using. To configure the settings: 1. Navigate to the .plist file: • Mactel: UserLibraryPreferencescom.adobe.Acrobat.Pro_x86_9.0.plist • Mactel: UserLibraryPreferencescom.adobe.Acrobat.Pro_x86_8.0.plist Section 4   Enhanced Security Page 22...
  • Page 27 Application Security Guide Section 4   Enhanced Security • PowerPC machine: UserLibraryPreferencescom.adobe.Acrobat.Pro_ppc_8.0.plist • PowerPC machine: UserLibraryPreferencescom.adobe.Acrobat.Pro_ppc_9.0.plist • PowerPC machine: UserLibraryPreferencescom.adobe.Reader_ppc_8.0.plist • PowerPC machine: UserLibraryPreferencescom.adobe.Reader_ppc_9.0.plist 2. Go to TrustManager. 3. Set EnhancedSecurityInBrowser (Boolean YES/NO). 4. Set EnhancedSecurityStandalone (Boolean YES/NO). 5. Exit the editor.

  • Page 28: Trust Overrides

    • Create a privileged location via the UI for the file, folder, or host. • Create a privileged location via the registry/plist by placing a tID under each cab/dict at: [HKCU\Software\Adobe\<product name>\<version>\TrustManager\(cTrustedSites or TrustedFolders)\cCrossdomain] [HKCU\Software\Adobe\<product name>\<version>\TrustManager\(cTrustedSites or TrustedFolders)\cDataInjection] [HKCU\Software\Adobe\<product name>\<version>\TrustManager\(cTrustedSites or TrustedFolders)\cExternalStream] [HKCU\Software\Adobe\<product name>\<version>\TrustManager\(cTrustedSites or TrustedFolders)\cScriptInjection]...

  • Page 29: Privileged Locations

    Application Security Guide Section 4   Enhanced Security 4.4.1 Privileged locations The most common way to assign trust to files, folders, and hosts is via privileged locations. 4.4.2 Internet Access There are two ways to control internet access: • The Trust Manager's Internet Access settings allow you to trust individual web-based files, directories, and specific hosts (wildcards are supported).

  • Page 30: User Experience

    Yellow Message Bar. If you find that your workflow is impaired, Adobe recommends that you leave enhanced security enabled and assign trust as needed via one of the available methods prior to sending such a form.
  • Page 31 Application Security Guide Section 4   Enhanced Security Data file Action location location 8.x behavior 9.x behavior Opening a target PDF local local PDF opens. No No change. authentication required. Opening a target PDF local server PDF opens Allow via dialog or enable enhanced security and set privileged location.

  • Page 32: Examples

    Section 4   Enhanced Security Application Security Guide 4.5.2.1 9.2, 8.1.7, and earlier Pre 9.3 and 8.2, the application displayed modal dialogs whenever a risky behavior was invoked. The user had to click through the dialog to continue. Enhanced Security: Data access dialog (pre 9.3 and 8.2) 4.5.2.2 9.3, 8.2, and later With 9.3 and 8.2, many warning messages were moved to an unobtrusive Yellow Message Bar at the top of the document.
  • Page 33 "bDisableOSTrustedSites"=dword:00000001 4.6.4 Least restrictive settings "Secure by default" is Adobe's recommended best practice. However, you can disable all the features if you are already operating within a secured environment. The following examples show the least restrictive settings with the features not locked.

  • Page 34: Troubleshooting And Faqs

    Section 4   Enhanced Security Application Security Guide Note 10.x products use the same settings. Least restrictive enhanced security settings: 9.x and 10.x [HKEY_CURRENT_USER\Software\Adobe\(Adobe Acrobat or Acrobat Reader)\(9.0 or 10.0)\TrustManager] "bEnhancedSecurityStandalone"=dword:00000000 "bEnhancedSecurityInBrowser"=dword:00000000 "bTrustOSTrustedSites"=dword:00000001 4.7 Troubleshooting and FAQs Enhanced Security FAQ. Section 4   Enhanced Security...

  • Page 35: Javascript Controls

    Section 5   JavaScript Controls 5 JavaScript Controls JavaScript support is one of Acrobat's and Adobe Reader's most powerful features, and Adobe provides several controls that enable tuning application behavior so that JavaScript (JS) executes within your desired level of security where unrestricted access to JS APIs is undesirable or workflows do not leverage this feature at all.

  • Page 36: Disabling Javascript

    Options button and then trust the document once or always. • Create a privileged location via the UI for the file, folder, or host. • Create a privileged location via the registry/plist by placing a tID at: [HKCU\Software\Adobe\<product name>\<version>\TrustManager\(cTrustedSites or TrustedFolders)\cAlwaysTrustedForJavaScript] "t8"="C:\\someTrustedPDF" Section 5   JavaScript Controls...

  • Page 37: Blacklisting Js Apis

    APIs so that you do not have to resort to disabling JavaScript altogether. The blacklist is maintained in the Windows registry and the Macintosh OS X FeatureLockdown file. On Windows, there are two blacklists, one for enterprise administrators, and one for Adobe patches and updates. Blacklist rules of operation •...

  • Page 38: Trusted Override

    Section 5   JavaScript Controls Application Security Guide On a 64 bit Windows system, the path is HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Adobe. 5.5.2 Blacklist configuration The manual steps described below require administrator privileges on a machine and should only be undertaken by someone experienced in registry-level configuration. In most cases, configuration occurs via the Customization Wizard prior to client deployment or via a scripting mechanism post-deployment.
  • Page 39 One such tool is the JavaScript Blacklist Framework Tool for Acrobat and Adobe Reader. The tool offers protections against an entire class of vulnerabilities that target JavaScript APIs.
  • Page 40 The tool presents a list of JavaScript APIs that have been attacked in the past. It retrieves a current list of APIs from an Adobe server but presents a default list if an Internet connection is unavailable. To use the tool: 1.

  • Page 41: Disabling Menu-Invoked Js

    1. Go to Preferences > JavaScript (The exact path varies by product and platform). 2. In the JavaScript Security panel, set Enable menu items JavaScript execution privileges. This values sets: [HKCU\Software\Adobe\<product name>\<version>\JSPrefs] "bEnableMenuItems" Note Enables executing JS by clicking menu items. When off, privileged JS calls can be executed via the menu unless they have been wrapped in the app.trustFunction.

  • Page 42: Disabling Global Object Access

    1. Go to Preferences > JavaScript (The exact path varies by product and platform). 2. In the JavaScript Security panel, set Enable global object security policy as needed. This values sets: [HKCU\Software\Adobe\<product name>\<version>\JSPrefs] "bEnableGlobalSecurity" Note Toggles on and off the ability of a script to access objects outside of the current document sandbox. If enabled, JavaScript objects are globally accessible.
  • Page 43 • Administrator list: This list requires administrator rights to modify and locks down the feature. It resides at: HKLM\SOFTWARE\Policies\Adobe\<product name>\<version>\FeatureLockDown\(cTrustedSites TrustedFolders)\cJavaScript • User list: The user list is for the current user only and is editable via the user interface. It resides at: HKCU\Software\Adobe\<product name>\<version>\TrustManager\(cTrustedSites...

  • Page 44: Certified Document Trust

    Options button and then trust the document once or always. • Create a privileged location via the UI for the file, folder, or host. • Create a privileged location via the registry/plist by placing a tID at: [HKCU\Software\Adobe\<product name>\<version>\TrustManager\(cTrustedSites or TrustedFolders)\cJavaScriptURL] "t8"="C:\\someTrustedPDF" 5.11 JavaScript injection...

  • Page 45: Workflow Changes By Version

    "t8"="C:\\someTrustedPDF" 5.12 Workflow changes by version Acrobat and Adobe Reader have always provided controls for managing JavaScript. Over time, these controls have become more rich in an effort to provide granular control over document behavior. The behavior across versions is as follows: 5.12.1 9.1 and 8.1.6 and earlier...
  • Page 46 • Enable JavaScript for this document one time only • Enable JavaScript for this document always: This option stores a unique document ID in HKCU\Software\Adobe\<product name>\<version>\TrustManager\cTrustedFolde Yellow message bar: JS off warning (9.2 and 8.1.7 and later) • High privileged JavaScript will not execute unless the user has established a prior trust relationship with the document via a trusted certificate or privileged location.

  • Page 47: Overview

    5.12.3.2 Overview Due to Adobe's high interest in security, changes to existing Acrobat and Adobe Reader functionality are periodically released to further strengthen the product's resistance to malicious attacks. As part of this effort, 10.1.1 introduces changes to the JavaScript feature that stores global variables and executes user-defined scripts.
  • Page 48 Restart the product to export the variables to the new format. Note For Adobe Reader, you can only use the latter method since the JavaScript console is not available unless you have enabled it as described at http://blogs.adobe.com/pdfdevjunkie/2008/10/how_to_use_the_javascript_debu.html.

  • Page 49: Attachments

    To mitigate the risk inherent in attachments: • Know what the content is and from where it originated. • Be aware of dangerous file types and how the application manages those types. Adobe applications maintain Black lists and white lists which control application behavior.
  • Page 50 LockDown file and edit it in a text editor. This file is normally located in application> <version number><product name>/<application> [version number] Professional/Contents/MacO 2. Hold the Ctrl key and click the application file in Applications/Adobe Acrobat <product name>. 3. Choose Show Package Contents. 4. Navigate to Contents > MacOS > Preferences.
  • Page 51 To edit the registry to modify the default behavior of file attachments in Linux: 1. Navigate to <install location>/Adobe/<application and version/Reader/globalPrefs. 2. Open AttachmentPerms in a text editor. 3. Edit or add an extension and value in the format of <.extension>:<0-3>. For example, .zip:1.

  • Page 52: Blacklisted Extensions

    Section 6   Attachments Application Security Guide Users can indirectly manage the registry list of which file types can be opened and saved. In other words, the list in Attachment black list can be extended one at a time as each attached file is opened. Administrators can modify the registry.
  • Page 53 Application Security Guide Section 6   Attachments Gzip Compressed Archive .hex Macintosh BinHex 2.0 file .hlp Windows Help file .hqx Macintosh BinHex 4 Compressed Archive .hta Hypertext Application .inf Information or Setup file .ini Initialization/Configuration file .ins IIS Internet Communications Settings (Microsoft) .isp IIS Internet Service Provider Settings (Microsoft) .its...
  • Page 54 Section 6   Attachments Application Security Guide .rar WinRAR Compressed Archive .reg Registration Information/Key for Windows 95/98, Registry Data file .scf Windows Explorer Command .scr Windows Screen Saver .sct Windows Script Component, Foxpro Screen (Microsoft) .sea Self-expanding archive (used by Stuffit for Mac files and possibly by others) .shb Windows Shortcut into a Document .shs...

  • Page 55: Cross Domain Configuration

    Adobe began addressing this problem several releases ago by implementing a standardized cross-domain security model that has evolved over the years into a robust, secure solution. By providing controls for who may receive data from whom, Adobe clients such as Flash and rich PDF documents are safe and extremely flexible.
  • Page 56 Application Security Guide 7.1.2 Cross domain workflow A cross-domain policy file is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat permission to handle data across domains. When a client hosts content from a particular...
  • Page 57 Section 7   Cross Domain Configuration 7.1.3 When you need cross domain access Cross domain access is permitted for Acrobat and Adobe Reader default installations in versions 9.2/8.17 and earlier. You can prevent such access by turning on the enhanced security feature.
  • Page 58 Cross-domain restrictions do not apply to data requested by Reader for non-document request operations. For example, if Adobe Reader requests a timestamp from a remote server to validate a digital signature, it is not restricted because the data was not requested by the document.

  • Page 59: User Experience

    7.1.5 PDFs in a standalone application vs. the browser Acrobat and Adobe Reader behave similarly with respect to data access, and their behavior is consistent whether running in the browser or as a standalone application. However, behavior inside and outside of a browser varies because of differences in http(s) request handling: •...

  • Page 60: Policy File Configuration

    Section 7   Cross Domain Configuration Application Security Guide • Enhanced security is enabled and privileged locations are not locked. Here the warning button appears with an options button. The user is provided with the option to trust the document once or always.
  • Page 61 URL (i.e. non-socket) master policy file which allows access to the example.com root domain with and without the www subdomain as well as any subdomains. allow-access-from: Allowing access to root domains <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <site-control permitted-cross-domain-policies="master-only"/> <allow-access-from domain="*.example.com"/> <allow-access-from domain="www.example.com"/>...
  • Page 62 Section 7   Cross Domain Configuration Application Security Guide <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <site-control permitted-cross-domain-policies="none"/> </cross-domain-policy> The following is the most permissive master policy file definition (strongly not recommended ). It allows any policy file on the target domain to grant permissions, allows access to any of its file, and permits any header to be sent to the server.
  • Page 63 HTTP source is accessing data on this domain through HTTPS. It should be obvious that this practice is not recommended. allow-access-from: Most permissive access <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="www.example.com" secure="false"/> </cross-domain-policy>...

  • Page 64: Certificate-Based Permissions

    </cross-domain-policy> 7.3 Certificate-based permissions Acrobat and Adobe Reader 9.1 introduces an extension to cross-domain policies that enables cross domain access on a per document basis. You do so by identifying a certified document signed with a specific certificate that should be able to access web servers in another domain. Since these documents contain an embedded and unique public key certificate, a SHA-1 hash of the certificate can be used as an identifier, much like a fingerprint.
  • Page 65 Application Security Guide Section 7   Cross Domain Configuration Note If you are using a certificate hash for documents that are Reader enabled by a LiveCycle ES server, you should use the certificate issued in conjunction with the server. This certificate will be unique to your organization.
  • Page 66 Section 7   Cross Domain Configuration Application Security Guide reason. Note Other methods of extracting the certificate hash include using openSSL or importing the ID into the Windows store. Only one method is described here. To extract a certificate hash: 1. Open Acrobat. 2.

  • Page 67: Server Configuration

    Application Security Guide Section 7   Cross Domain Configuration 5. Save and close the policy file. Typical allow-access-from-identity block <allow-access-from-identity> <signatory> <certificate fingerprint="01:23:45:67:89:ab:cd:ef:01:23:45:67:89:ab:cd:ef:01:23:45:67" fingerprint-algorithm="sha-1"/> </signatory> </allow-access-from-identity> 7.3.4 Fingerprint usage rules • Multiple signatories require multiple <allow-access-from-identity> blocks. • There must be one and only one <signatory> block inside an <allow-access-from-identity>.
  • Page 68 Section 7   Cross Domain Configuration Application Security Guide • For 9.2, Acrobat requires that cross-domain policy files return from the server with the content-type text/cross-domain-policy. • For 9.3, both clients support all of the mime types listed in the specification: • Any content type that starts with "text/" •...
  • Page 69 Application Security Guide Section 7   Cross Domain Configuration 6. Specify the MIME type for the policy file: 1. In the left hand column, choose Environment > Virtual hosts. 7. Select the** (host name) > MIME Types**. 8. Configure the following: • MIME Type: text/x-cross-domain-policy (or a type supported per the specification). •...
  • Page 70 Section 7   Cross Domain Configuration Application Security Guide 1. Open NetWeaver Administrator. 2. Navigate to Java System Properties: Configuration Management > Infrastructure. 3. In the Services tab, select HTTP Provider Service. A list of all service properties is displayed on the Extended Details tab page. 4.

  • Page 71: Calling Policies Via Javascript

    Application Security Guide Section 7   Cross Domain Configuration 3. In the web.xml set the mime-mapping tag: <mime-mapping> <extension>xml</extension> <mime-type>text/x-cross-domain-policy</mime-type> </mime-mapping> 1. Deploy the ear file as usual. 7.5 Calling policies via JavaScript One exception to the requirement that a master policy file be present is when a document specifies a policy via JavaScript.
  • Page 72 Section 7   Cross Domain Configuration Application Security Guide 7.6.1 Enabling logging If you need to debug cross domain access, enable logging. Note Logging is not available on Macintosh. Cross domain logging Logging: User interface configuration The 9.3 and 8.2 updates and later allow configuration via the user interface. To do so: 1.
  • Page 73 • Windows 7: C:UsersusernameAppDataRoamingAdobeAcrobat9.0 7. Create an empty file called AcrobatCrossDomain.log. Note The log name is identical for Adobe Reader. 7.6.2 General log messages Request for resource at %s by requestor from %s is permitted due to policy file at %s A file attempted an operation that requires a policy file permission and the policy was found.
  • Page 74 Section 7   Cross Domain Configuration Application Security Guide • No applicable policy file exists to authorize the operation. If you control the server where the resource resides, you may need to add a policy file on that server. Otherwise, you may need to proxy the operation through the file's own server.
  • Page 75 Application Security Guide Section 7   Cross Domain Configuration The client made an HTTP request but was not able to see HTTP response headers. As detailed in the section on meta-policies, some of the new, strict policy file rules require that the client be able to access HTTP response headers;...
  • Page 76 Section 7   Cross Domain Configuration Application Security Guide HTTP header from %s specifies meta-policy 'by-ftp-filename', which is only applicable to FTP, not HTTP. A by-ftp-filename meta-policy was found in an X-Permitted-Cross-Domain-Policies HTTP response header, but it is only valid for FTP servers. The X-Permitted-Cross-Domain-Policies header has been ignored, but any policy file at this URL has not necessarily been ignored (there should be a further error message if it is).
  • Page 77 Application Security Guide Section 7   Cross Domain Configuration The meta-policy has been ignored, but the policy file itself has not necessarily been ignored (there should be a further error message if it is). Meta-policy %s in policy file from %s conflicts with previously established meta-policy %s Meta-policies are incorrectly configured.
  • Page 78 Section 7   Cross Domain Configuration Application Security Guide Port ranges may include the wildcard *, individual port numbers, port ranges separated by dashes, or comma-separated lists of individual numbers and/or ranges. The allow-access-from is ignored, although other directives in the same policy file may be valid and accepted. Ignoring 'secure' attribute in policy file from %s.
  • Page 79 Application Security Guide Section 7   Cross Domain Configuration Timeout on %s (at 3 seconds) while waiting for socket policy file. Only pertinent to Flash and socket policy files. [strict] Local socket connection forbidden to host %s without a socket policy file. Only pertinent to Flash and socket policy files.

  • Page 80: External Content Access

    Section 8   External Content Access Application Security Guide 8 External Content Access 8.1 Internet access Your application can inform you when a PDF file is attempting to connect to an Internet site. Opening a Web page represents a security risk because malicious content can be transferred whenever a PDF communicates with the Internet.
  • Page 81 Application Security Guide Section 8   External Content Access If you choose the custom settings option, the Web Sites panel becomes active and you can enter unique URLs. URLs must begin with www and end with a valid suffix. The Acrobat family of products maintains a white and black list of URLs called the Trust List.

  • Page 82: Multimedia (Legacy)

    Section 8   External Content Access Application Security Guide External connection warning 8.2 Multimedia (legacy) Multimedia poses a security risk because it could potentially change the document's appearance or present security holes through multimedia players. There are two types of multimedia, and application behavior varies with each type: •...
  • Page 83 Application Security Guide Section 8   External Content Access 9.5 & Multimedia trust is integrated into the Trust Manager framework and the following changes have been made: 10.1.2 • The following UI items are removed from Preferences > Multimedia Trust (Legacy): Clear your list of trusted documents AND Display permissions for ( ) Trusted documents ( ) Other documents.
  • Page 84 • With 9.5 & 10.1.2 and later, create a privileged location via the UI for the file, folder, or host. • With 9.5 & 10.1.2 and later, create a privileged location via the registry/plist by placing a tID at: [HKCU\Software\Adobe\<product name>\<version>\TrustManager\<cTrustedSites or TrustedFolders>\] "cMultiMedia"...
  • Page 85 Application Security Guide Section 8   External Content Access 8.2.3.2 9.3-8.2 & later For 9.3 and 8.2, modal dialogs have been replaced by a Yellow Message Bar. The options button allows users to trust once or always. Choosing Always adds the item to the already existing Trusted Documents list.

  • Page 86: Xobjects

    Section 8   External Content Access Application Security Guide 8.2.3.3 Up to 9.2-8.1.7 These product versions displayed the dialog below rather than the YMB. 9.2-8.1.7 and earlier: Manage Trust for Multimedia Content dialog 8.3 XObjects Changes across releases: XObject (external stream) access Version Change pre 9.2...

  • Page 87: 3D Content (9.5.1 And Later)

    • Options button provides the Trust Once and Trust Always options. • Enterprise IT can configure the end user settings via HKCU\Software\Adobe\<product name>\<version>\3D\bEnable3DContent. • Enterprise IT can disable and lock 3D rendering so that the user cannot change the setting via HKLM\SOFTWARE\Policies\Adobe\<product name>\<version>\FeatureLockDown\bEnable3D.
  • Page 88 Section 8   External Content Access Application Security Guide Beginning with 9.5.1, Adobe Reader and Acrobat no longer include a Flash Player for displaying Flash in PDF files. Instead, rendering Flash content embedded in a PDF now requires that a Flash Player already resides on the user machine.

  • Page 89: Trust Methods

    Application Security Guide Section 9   Trust Methods 9 Trust Methods Ideally, you've enabled and configured all of the product's security mechanisms and are now ready to assign trust to elements in your workflows. Available trust mechanisms include: 9.1 Privileged locations Privileged locations (PLs) are synonumous with "trusted locations." PLs are the primary way that users and administrators can specify trusted content that should be exempt from security retrictions.
  • Page 90 • Add Host: Enter the complete name of the root URL only with no wildcards. For example, www.adobe.com but not www.adobe.com/lc. To specify HTTPS, select Secure Connections Only. 3. Choose OK.
  • Page 91 Application Security Guide Section 9   Trust Methods 9.1.3 User on-the-fly config. Whenever a PDF opens that contains content which is blocked by a security feature, a Yellow Message Bar (YMB) appears. If the feature has not been disabled by the administrator, users can trust the document on-the-fly as follows: •...
  • Page 92 Section 9   Trust Methods Application Security Guide [HKEY_CURRENT_USER\Software\Adobe\<product name>\<version>\TrustManager\cTrustedFolders\cCrossdomain] "t3"="C:\\Documents and Settings\\username\\My Documents\\acrobat_logo16.png" Protected View: trust set in the registry 9.1.5 Recursive directory trust Recursivity is on by default with 10.1. Prior to 10.1, if you make a folder a privileged location its subdirectories are not automatically included.

  • Page 93: Internet Access

    10.x products support the use of wildcard matching of subdomain components for trusted host URLs. For example, for a basic URL of a.b.c.adobe.com, you can wildcard on all of a, b, or c. It is required that at least the first subdomain is specified (adobe in this case). So *.corp.adobe.com or 11lcforms.*.adobe.com`` works, but *.forms.corp.adobe.com or lcforms.corp.*.com will not.

  • Page 94: Per-Certificate Trust

    Section 9   Trust Methods Application Security Guide [HKEY_CURRENT_USER\Software\Adobe\<product>\<version>\TrustManager] "bTrustCertifiedDocuments"=dword:00000001 To lock the setting, set the following: [HKLM\SOFTWARE\Policies\Adobe\<product>\<version>\FeatureLockDown\ "bEnableCertificateBasedTrust"=dword:00000001 9.4 Per-certificate trust Trust can be configured on a per-certificate basis so that certified documents signed with a specific certificate can be made exempt from some security restrictions. For the certification signature, the signature must be valid and the certificate must chain to a valid and trusted root certificate.

  • Page 95: Xobject (Stream) Access

    Use the same ID and value. Note Other XObject settings can be configured via the UI or in the registry as described in the Preference Reference for Acrobat and Adobe Reader. Section 9   Trust Methods Page 91...

  • Page 96: Content Security

    Section 10   Content security Application Security Guide 10 Content security Application security is all about hardening the application against malicious attacks. Content security is designed to protect workflows and content within the application's secured environment. The product's application security options as well as its content security features such as digital signatures, encryption, and permissions provide unparallelled control over PDF-based workflows.

This manual is also suitable for:

Acrobat

Table of Contents