Adobe LiveCycle (Archived)

Report · 9/26/06

Our business involves sending out topical economic and financial research in multiple daily e-mails to our clients. We wish to prevent e-mail forwarding of this research to non-clients. While there seems to be nothing to prevent e-mail forwarding itself, we hope to control access to our research by using attached PDF files.

The solution seems to be Policy Server, but I have an initial question about client login. What exactly does it mean that clients must log in to Policy Server before they are allowed to view a PDF sent to them? Is this done automatically when the client tries to open a PDF, or must they do this prior to attempt opening the file, and must they do this before every PDF file sent to them (we send several every day). If the latter, most of our clients would object to this extra step each time. And does this mean we need to open our firewall to the server for all clients?

Thanks

Report · 10/3/06

Carl,

When you attempt to open a policy-protected document, a login dialog will automatically appear.

This dialog will pass the credentials to a server on which policy server is running. This server

must be accessible outside of your firewall for each of the clients.

Based on tests that I've performed in the past, Acrobat and Reader appear to do some local caching

of login credentials (though I haven't seen any documentation confirming this). What this means is

if you already have Acrobat or Reader up and running, you may not get prompted for a login if you

open another policy-protected document (though it will still communicate with the remote Policy Server).

Hope this helps!

--

Justin Klei

Cardinal Solutions Group

www.cardinalsolutions.com

Report · 10/3/06

Thanks Justin

This helps a lot for us to move forward with this solution. I'm wondering, however, just how stable a server is going to be outside a firewall. I wonder if there is a port forwarding solution that would open up the firewall just to policy server requests, but still, it sounds like a not very secure situation. There must be something within an LDAP server that will secure the server.

Thanks for your help!

Carl Steen

Report · 10/4/06

Carl_D._Steen@adobeforums.com wrote:

> Thanks Justin

>

> This helps a lot for us to move forward with this solution. I'm wondering, however, just how stable a server is going to be outside a firewall. I wonder if there is a port forwarding solution that would open up the firewall just to policy server requests, but still, it sounds like a not very secure situation. There must be something within an LDAP server that will secure the server.

>

> Thanks for your help!

>

> Carl Steen

One other thing...the web application should be configured to run SSL (https). This is a

requirement of Policy Server and will encrypt all communication between the client and server.

Regarding your security concerns...Policy Server doesn't need to be running on a computer outsite

the firewall...it just needs to be accessible from outside the firewall. This is how many corporate

websites are set up.

--

Justin Klei

Cardinal Solutions Group

www.cardinalsolutions.com

Report · 10/4/06

Hi Carl,

The recommended deployment of Policy Server is to put a reverse proxy (for example, Blue Coat) in the company's DMZ and have that sit between the internet and Policy Server, which can be located behind the company firewall. The client (Adobe Reader) would then connect to the reverse proxy and the proxy would forward requests to Policy Server.

Hope this helps,

-Bill

Adobe LiveCycle (Archived)

Client Login Procedure

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe