- #ADOBE PDF BROWSER PLUGIN HOW TO#
- #ADOBE PDF BROWSER PLUGIN INSTALL#
- #ADOBE PDF BROWSER PLUGIN SOFTWARE#
- #ADOBE PDF BROWSER PLUGIN LICENSE#
And if you do a Google search, you will find companies selling plug-in conflict detection tools, so the problem is a genuine hazard. The first thing you are told if there is an issue with an application is to disable all plugins. However, it seems that plug-ins sometimes conflict with each other. Ideally, a plug-in should be secure by virtue of its own design, adding it to an existing application would not add a new weakness, and the plug-in would not conflict with any other plug-ins used in the same application. Are plugins secure – and what do we mean by secure?
#ADOBE PDF BROWSER PLUGIN HOW TO#
They tell the outsider where data is found and how to interpret it. They expose the internal workings of the manufacturer’s product to the outsider. Well, they allow outsiders a degree of access to what is happening inside a manufacturer’s product by making information available, such as where some data is stored and how to manipulate that data. Sometimes these points of access are called APIs, and sometimes they are called plug-ins.
#ADOBE PDF BROWSER PLUGIN SOFTWARE#
Many software product manufacturers provide customers access into their products and Adobe is no different. You can hardly expect them to understand any of these arcane technical issues, still less comply with them.
Normal users familiar with their desktop plugins can hardly be criticized for using non-certified plugins.
Of course, one must assume that this is precisely what any attacker would do. We respect the advice given by CERT, but note that if an attacker permits the loading of unverified non-certified plugins (which happens by default in all versions of Acrobat unless you specifically check a box to say otherwise) they may introduce vulnerabilities. There are many legitimate plug-ins on the market today that have this capability which are not hacking tools and were not developed for that purpose. Unfortunately, by its very nature, it does just that. That means any third party can write a perfectly valid and appropriate plug-in that extracts text from an open PDF document without it having been deliberately designed to break any security systems.
#ADOBE PDF BROWSER PLUGIN LICENSE#
An Adobe Reader plugin requires a license agreement and an enabling key from Adobe as part of the Adobe Reader Integration Key License Agreement (IKLA). “Developers can freely write plug-ins for Adobe Acrobat. However, it is also openly admitted that ‘legitimate’ plug-ins may compromize the security of a system: Unverified non-certified plugins can be removed from the plug-ins directory, and they will no longer load at startup.”
#ADOBE PDF BROWSER PLUGIN INSTALL#
“Be careful not to install untrusted software, including non-certified Adobe plugins (those not signed and deployed by Adobe), unless certain of the origin and integrity of such software. The highly respected CERT organization reported the following in respect of the Adobe system: But they are known to also create security holes. In the PDF world, it is commonplace to use plugins to provide extra functionality and features.
0 kommentar(er)
