Adobe 22002484 User Guide - Page 214
Blacklisted JavaScript, Security settings update, Access to unknown or untrusted websites, Enhanced
View all Adobe 22002484 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 214 highlights
USING ACROBAT 9 STANDARD 209 Security Security alerts are displayed in the following situations. Blacklisted JavaScript Adobe uses a blacklist to specify vulnerable JavaScript APIs that could leave your program open to malicious attacks. Adobe modifies the blacklist via Acrobat and Reader patches whenever new vulnerable JavaScript APIs are discovered, or when vulnerabilities are fixed. Enterprise administrators can prevent additional JavaScript APIs from running in their environment. If a PDF tries to access a blacklisted JavaScript, a message appears in the yellow document message bar below the toolbar area. The type of message depends on your version of Acrobat or Reader, recent updates from Adobe, and any fine-tuning by enterprise administrators. For more information about the situations that trigger JavaScript warnings, see the TechNote at http://go.adobe.com/kb/ts_cpsid_50432_en-us. For more information about blacklisted JavaScripts, see the TechNote at http://go.adobe.com/kb/ts_cpsid_50431_en-us. Security settings update Adobe periodically distributes certificates to be used as trust anchors for signature workflows. These downloads are important to ensure that digitally signed PDFs from trusted sources maintain their trusted status. If you receive an update from an unknown source, verify that it is from a web address that you trust before proceeding. Updates from untrusted websites can create vulnerabilities on your computer. Access to unknown or untrusted websites An alert helps prevent PDFs from connecting to malicious websites. The alert is displayed when a PDF tries to connect to a site in these situations: • The site is not on your list of trusted sites in Trust Manager. • The PDF or the website is not listed as a privileged location in the Security (Enhanced) preferences. Before allowing the connection, look carefully at the URL to ensure that it is an appropriate link. To find out why the PDF is trying to contact the Internet, contact your system administrator or the PDF creator. Enhanced security warnings With enhanced security enabled, Acrobat and Reader alert you when a document attempts any of several potentially risky actions. You can selectively allow these restricted actions by using an appropriate method from the list in "Bypassing enhanced security restrictions" on page 210. Important: Acrobat and Reader 9.3 and 8.2 enable enhanced security by default. Adobe recommends that you enable enhanced security if it is not already enabled, and that you bypass restrictions only for trusted content. Cross-domain access Enhanced security prevents a PDF in one host domain from communicating with another domain. This action prevents a PDF from getting malicious data from an untrusted source. When a PDF attempts cross-domain access, Acrobat and Reader automatically attempt to load a policy file from that domain. If the domain of the document that is attempting to access the data is included in the policy file, then the data is automatically accessible. Note: This action is different from displaying or browsing HTML pages, images, or other web content, which is allowed. Loading or running JavaScript Acrobat and Reader block JavaScript operations when the scripts are blacklisted or originate from an external source. Last updated 9/30/2011