Your achievements

Level 1

0% to

Level 2

Tip /
Sign in

Sign in to Community

to gain points, level up, and earn exciting badges like the new
Bedrock Mission!

Learn more

View all

Sign in to view all badges

Client Login Procedure

Avatar

Not applicable
Our business involves sending out topical economic and financial research in multiple daily e-mails to our clients. We wish to prevent e-mail forwarding of this research to non-clients. While there seems to be nothing to prevent e-mail forwarding itself, we hope to control access to our research by using attached PDF files.



The solution seems to be Policy Server, but I have an initial question about client login. What exactly does it mean that clients must log in to Policy Server before they are allowed to view a PDF sent to them? Is this done automatically when the client tries to open a PDF, or must they do this prior to attempt opening the file, and must they do this before every PDF file sent to them (we send several every day). If the latter, most of our clients would object to this extra step each time. And does this mean we need to open our firewall to the server for all clients?



Thanks
4 Replies

Avatar

Not applicable
Carl,

When you attempt to open a policy-protected document, a login dialog will automatically appear.

This dialog will pass the credentials to a server on which policy server is running. This server

must be accessible outside of your firewall for each of the clients.



Based on tests that I've performed in the past, Acrobat and Reader appear to do some local caching

of login credentials (though I haven't seen any documentation confirming this). What this means is

if you already have Acrobat or Reader up and running, you may not get prompted for a login if you

open another policy-protected document (though it will still communicate with the remote Policy Server).



Hope this helps!

--

Justin Klei

Cardinal Solutions Group

www.cardinalsolutions.com

Avatar

Not applicable
Thanks Justin



This helps a lot for us to move forward with this solution. I'm wondering, however, just how stable a server is going to be outside a firewall. I wonder if there is a port forwarding solution that would open up the firewall just to policy server requests, but still, it sounds like a not very secure situation. There must be something within an LDAP server that will secure the server.



Thanks for your help!



Carl Steen

Avatar

Not applicable
Carl_D._Steen@adobeforums.com wrote:

> Thanks Justin

>

> This helps a lot for us to move forward with this solution. I'm wondering, however, just how stable a server is going to be outside a firewall. I wonder if there is a port forwarding solution that would open up the firewall just to policy server requests, but still, it sounds like a not very secure situation. There must be something within an LDAP server that will secure the server.

>

> Thanks for your help!

>

> Carl Steen



One other thing...the web application should be configured to run SSL (https). This is a

requirement of Policy Server and will encrypt all communication between the client and server.



Regarding your security concerns...Policy Server doesn't need to be running on a computer outsite

the firewall...it just needs to be accessible from outside the firewall. This is how many corporate

websites are set up.



--

Justin Klei

Cardinal Solutions Group

www.cardinalsolutions.com

Avatar

Not applicable
Hi Carl,



The recommended deployment of Policy Server is to put a reverse proxy (for example, Blue Coat) in the company's DMZ and have that sit between the internet and Policy Server, which can be located behind the company firewall. The client (Adobe Reader) would then connect to the reverse proxy and the proxy would forward requests to Policy Server.



Hope this helps,



-Bill