Introduction to PDF security

Applying security to documents has always been a delicate balancing act between ease of use and adequate protection for the document’s contents. When the documents contain commercial content, insufficient security can mean lost income; when the protected content is sensitive confidential information, the consequences can be far more dire. On the other hand, if product documentation were password-protected, users might not be able to access it. Stronger security isn’t necessarily a better fit, so it’s important not to mistake capability for imperative with regard to security.

Acrobat 7 Professional and its associated products offer a high level of granularity. For instance, it’s possible to limit printing, to restrict the selection (and hence the copying) of text and images, and to prohibit changing the document or merging it with other documents. It’s also possible to prevent users from filling in form fields or digitally signing the document. If the document is PDF version 1.6 (i.e. only compatible with Acrobat version 7 and above), then there are even more options, and all of this is just Acrobat’s standard security! With Acrobat 7 Professional, it’s even possible to encrypt a PDF document and its attachments separately. There are of course additional security measures available: depending on the needs of the document distributor, it’s also possible to digitally sign a document to indicate approval and prevent changes from being made to it, to incorporate real-time authentication of a document each time someone attempts to open it, and to limit the number of times a document can be opened. Because of the many options available, this article focuses on general security usage principles and briefly covers the various options directly available in Adobe Acrobat 7 Professional.
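The restrictions listed above are stored in a PDF as bit flags in the /P entry of the standard security handler's encryption dictionary, as defined in the PDF Reference. The following is an added example, not code from the original article or from Adobe: it reads /P from a constructed PDF fragment and reports which operations the file permits. The function names, the regex-based lookup (a simplification of real PDF parsing) and the sample bytes are assumptions made for illustration.

```python
import re

# Permission bits of the /P entry (standard security handler).
# Bit positions are 1-based with bit 1 as the low-order bit (PDF Reference).
PERMISSION_BITS = {
    3: "print",
    4: "modify contents",
    5: "copy or extract text and graphics",
    6: "add annotations / fill form fields",
    9: "fill existing form fields (incl. signing)",
    10: "extract for accessibility",
    11: "assemble (insert, rotate, delete pages)",
    12: "print at high quality",
}

def decode_permissions(p_value, revision=3):
    """Return {permission: allowed} for a signed 32-bit /P value."""
    flags = p_value & 0xFFFFFFFF            # /P is written as a signed integer
    result = {}
    for bit, name in PERMISSION_BITS.items():
        if revision < 3 and bit >= 9:
            continue                        # bits 9-12 only exist from revision 3
        result[name] = bool(flags & (1 << (bit - 1)))
    return result

def audit_encrypt_dict(pdf_bytes):
    """Locate the /Filter /Standard dictionary and decode its /R and /P."""
    m = re.search(rb"/Filter\s*/Standard", pdf_bytes)
    if m is None:
        return None                         # no standard security handler present
    start = pdf_bytes.rfind(b"<<", 0, m.start())
    end = pdf_bytes.find(b">>", m.end())
    body = pdf_bytes[start:end]             # assumes no nested dictionaries inside
    p = re.search(rb"/P\s+(-?\d+)", body)
    r = re.search(rb"/R\s+(\d+)", body)
    if p is None or r is None:
        raise ValueError("encryption dictionary lacks /P or /R")
    return decode_permissions(int(p.group(1)), int(r.group(1)))

# Constructed sample: an encryption dictionary with placeholder /O and /U values.
SAMPLE = (b"7 0 obj\n<< /Filter /Standard /V 2 /R 3 /Length 128\n"
          b"   /O <00ff> /U <00ff> /P -1852 >>\nendobj\n")

if __name__ == "__main__":
    for name, allowed in audit_encrypt_dict(SAMPLE).items():
        print(f"{'allowed' if allowed else 'denied ':8} {name}")
```

A check like this lets a distributor confirm, before publishing, that a file actually declares the restrictions that were intended for its audience.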

When deciding on the security measures needed for a given PDF document, the first questions you need to ask yourself relate to the document’s purpose and intended audience:

  1. Who is the document’s intended audience? (e.g. all web site visitors, printers, or personnel who have signed an NDA. Which version of Acrobat or Reader are they using? Does the content need to be available to screen-reading assistive technologies?)
  2. Where are you sending, posting or filing it? (e.g. prepress house, company web site, or corporate intranet.)
  3. What kind of information is contained in the PDF? (e.g. text, graphics, multimedia.)
  4. How will your intended audience use the document? (e.g. filling forms, forwarding by email, reviewing, updating or fixing the file.)

Once these initial questions are answered, the required document security measures start to take shape. For instance, if the document is intended for an audience internal to the company and contains sensitive financial information, it will need to be protected from unauthorized changes and from access by unauthorized personnel.


About the Author: Dan Shea
