preventing unautorize people to read a pdf.

yanip

13-03-2018

Hello,
I work with pdf form (Acrobat Pro and LiveCycle) that contains confidential information.

These pdf have to go though different level of approbation, each of em with a password created by the previous person.

I was thinking of hidding the pages on save / exit of the pdf and having a javascript dialog to ask the user for the password and close acrobat if its not the right one.

This way if the user has disabled javascript "to prevent the dialog box" they still wouldn't be able to see the data.

While working on another project which involve using a excel macro to feed an excel with the data from another pdf i tried to hide the masterpage and execute it.

Maybe not to my surprise i was able still to read the data. but if i hide the different textbox then excel can't extract them.

I was wondering if liveCycle had a way to encrypt the data in the cells using a provided key that i would provide?
Or if it was possible to programatically change the pdf "password to open the file" property?

Or is there any good 3rd party addon that would make extracting the data from a pdf harder?

I really need 3 different password and what one display must be independant to what the others display.

Thanks

Accepted Solutions (0)

Answers (3)

Answers (3)

yanip

15-03-2018

Thank you both for your answer,

Ulibaehr, it is what i was already doing 'more or less' but instead of setting fields visible or hidden when the page is load i was setting the pages to hidden on preSave, this way even if the user desactivate javascript in acrobat reader he wouldn't see it.

BUT using a simple macro in excel would allow to still read every elements of a form even tho their parent sub / pages are hidden. Only the elements with their properties hidden were not getting extracted.

So now on presave im looping through the whole form and hidding the fields.with this function.

/* ********************************************************************

  HideAll Fields

   ********************************************************************/

  

   function HideAll(pONode) {

  if (pONode.className == "exclGroup" || pONode.className == "subform"  || pONode.className == "subformSet" || pONode.className == "area") // if one of these must go one node deeper.

  {

  // Look for child fields.

  for (var i = 0; i < pONode.nodes.length; i++)

  {

  var pOChildNode = pONode.nodes.item(i);

  HideAll(pOChildNode);

  }

  }

  if (pONode.className == "field") { // if a field

  pONode.presence = "hidden";

  }

  return 1;

   }

Then upon opening the form if the right password is entered i run a cript that show them all and then hide some of em on specific condition.

altrue990  Thanks for your answer, are you refering to the document security property "ask password to open the document"

I offered it to the user but they refused on the ground that they don't want to remember 2 password.

The thing is that the document need to go through 3 approbation. each of them need their own password set by the person below  in the approval process. I even suggest them to use a password to open the document an another one to identify them as the person who can read. They refused it on the ground it would be too complicate remembering 2 password even tho one of them would always be the same.

altrue990

15-03-2018

Placing a password in the XFA template is not secure. The XFA template is not encrypted in any way and could be read by anyone with access to the proper tools. I would recommend using Acrobat's built in document encryption tooling. They may not do everything you want, but they are well tested to be secure.

ulibaehr

15-03-2018

It depends on the required degree of confidentiality:

It is possible to add a password with Acrobat to prevent unauthorized persons to open the PDF in Designer. But there are tools to open this PDF anyways. Regular users will not be able to read your scripting - others can.

Of course you can ask for passwords and set subforms "hidden" oder "visible" depending on the password.

sPassword = xfa.host.response("What's your password?", "Password", "", true);

switch(sPassword) {

     case "CEO":

          this.presence = "visible";

          break;

}