Adobe Developer
Console
Acrobat Enterprise
Security Configuration Guide for Acrobat
Application Security Overview
Content security
Best practices
Additional resources
Sandbox Protections
What is a “sandbox”?
Sandbox features
User interface configuration
Protected View
Configuration
Registry configuration
Trusting PDFs
Verifying PV is enabled
Protected view FAQs
Protected Mode
Configuration
Trust overrides
Logging setup
Verifying PM is enabled
PM and shell extensions
Policy configuration
Default read policy
Enabling custom policies
Creating policies
3rd party plugin support
Using 3rd party JS editors
Protected Mode dialogs
FAQs
AppContainer
Configuration
Enhanced Security
Feature interaction
Configuration
UI and registry config
Locking enhanced security
Macintosh configuration
UNIX configuration
Trust overrides
Privileged locations
Internet Access
Certificate trust
xdomain policy files
User experience
FDF, XFDF, and XDP
Dialogs and warnings
9.2, 8.1.7, and earlier
9.3, 8.2, and later
Examples
Most restrictive settings (unlocked)
Most restrictive settings (locked)
Least restrictive settings
Troubleshooting and FAQs
JavaScript Controls
Permissions basics
Workflow diagrams
Disabling JavaScript
Trusted override
Blacklisting JS APIs
Blacklist locations
Blacklist configuration
Trusted override
JS blacklist tool
Installation
Usage
Disabling menu-invoked JS
Trusted override
Disabling global object access
High privileged JavaScript
Trusted override
Certificate trust
Certified document trust
JavaScript invoked URLs
Trusted override
JavaScript injection
Trusted override
Workflow changes by version
What you should do
Attachments
Basic configuration
Attachments and 3rd party apps
Opening non-PDF file types
Setting file type permissions
Attachment user interface
Resetting attachment permissions
Allowing attachments to launch applications
Modifying permissions on-the-fly
Black lists and white lists
Blacklisted extensions
Cross Domain Configuration
Cross domain basics
Same-origin policies
Cross domain workflow
When you need cross domain access
When you don’t need cross domain support
PDFs in a standalone application vs. the browser
User experience
Policy file configuration
Policy file syntax
Policy file best practices
Typical policy
Permissive vs. restrictive policies
Meta vs. master policies
HTTP-HTTPS communications
Socket permissions
Credential-based permissions
Friendly names and alias use
IP address
Header-based permissions
Certificate-based permissions
Certified documents
Reader enabled documents
Adding a certificate hash to a policy file
Fingerprint usage rules
Server configuration
Policy file host basics
Differences between Acrobat and Flash
Server setup examples
JBoss
WebSphere
SAP Netweaver 7 and 7.1
Windows
WebLogic
Calling policies via JavaScript
Troubleshooting
Enabling logging
General log messages
Meta policy messages
Policy file parsing/syntax errors
Flash only messages
External Content Access
Internet access
Configuration
Multimedia (legacy)
Configuration
XObjects
3D content
Flash integration
PDF Links
Trust Methods
Privileged locations
UI configuration
Wizard configuration
UI (on-the-fly) config.
Registry configuration
Recursive directory trust
Disabling Priv. Locations
Wildcard and host trust
Trusting IE trusted sites
Locking IE trusted sites
Internet access
Certified document trust
Per-certificate trust
Cross domain trust
XObject (stream) access
EMF and XPS conversion to PDF
FIPS Compliance
Document encryption
Enterprise Toolkit
Console Help
Forum
Mobile
Console
Security Configuration Guide for Acrobat
»
Table of Contents
Next
Table of Contents
¶
Application Security Overview
Content security
Best practices
Additional resources
Sandbox Protections
What is a “sandbox”?
Protected View
Protected Mode
AppContainer
Enhanced Security
Feature interaction
Configuration
Trust overrides
User experience
Examples
Troubleshooting and FAQs
JavaScript Controls
Permissions basics
Workflow diagrams
Disabling JavaScript
Blacklisting JS APIs
Disabling menu-invoked JS
Disabling global object access
High privileged JavaScript
Certified document trust
JavaScript invoked URLs
JavaScript injection
Workflow changes by version
Attachments
Basic configuration
Attachment user interface
Black lists and white lists
Cross Domain Configuration
Cross domain basics
Policy file configuration
Certificate-based permissions
Server configuration
Calling policies via JavaScript
Troubleshooting
External Content Access
Internet access
Multimedia (legacy)
XObjects
3D content
Flash integration
PDF Links
Trust Methods
Privileged locations
Internet access
Certified document trust
Per-certificate trust
Cross domain trust
XObject (stream) access
EMF and XPS conversion to PDF
FIPS Compliance
Document encryption
