Adobe 12001196 - Acrobat - Mac Manual page 43

Application Security Guide
5.8.1 Trusted override
There are several ways to assign trust so that this feature works in a trusted context:
• Configure certificate trust for digital signature workflows as described below.
• Create a privileged location via the UI for the file, folder, or host.
• Create a privileged location via the registry/plist by placing a tID at either:
• Administrator list: This list requires administrator rights to modify and locks down the feature. It
resides at:
HKLM\SOFTWARE\Policies\Adobe\<product name>\<version>\FeatureLockDown\(cTrustedSites
• User list: The user list is for the current user only and is editable via the user interface. It resides at:
HKCU\Software\Adobe\<product name>\<version>\TrustManager\(cTrustedSites
5.8.1.1 Certificate trust
You can control script behavior on a per-certificate basis or by using trust anchors. If a signer's certifying
certificate chains up to another certificate (a trust anchor) that allows high privileged JavaScript, then high
privileged JavaScript will run in that document. For example, some enterprises may issue a MyCompany
certificate that allows high privileged JavaScript. If all employee certificates use ExampleCompany as a
trust anchor, then they can send and receive certified documents within the company that allow high
privileged JavaScript execution.
Thus, certificate trust settings can override blacklist settings under the following conditions:
• The document must be certified.
• The certification signature must be valid.
• The signer's certificate is trusted for or chains up to a trust anchor trusted for executing high
privilege JavaScript.
Section 5 JavaScript Controls
Section 5 JavaScript Controls
or TrustedFolders)\cJavaScript
or TrustedFolders)\cJavaScript
Page 39