aspose file tools
The moose likes Security and the fly likes Open PFD in browser vulnerability Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of The Software Craftsman this week in the Agile forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Open PFD in browser vulnerability" Watch "Open PFD in browser vulnerability" New topic

Open PFD in browser vulnerability

Fahim Farook

Joined: Mar 20, 2011
Posts: 12
We have a Java based web application deployed on WebLogic. We provide direct links to some PDF files, which the users can download/ open in their browser. Our security team is claiming that to allow opening PDF files in the browser is security risk. So they want to force the users to download the PDF files first rather than opening them in the browser window.

Is their a way to programmatically prevent the user from opening the PDF files in the browser window and to force downloading the PDF files first?
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42954
That totally depends on client-side (i.e., browser) settings over which the web app has no control. I'm having a hard time seeing how opening the PDF in the browser is any more of a security risk than opening it using a standalone app, though.

If I wanted to protect users from PDF vulnerabilities, the first thing I'd do is to delete Adobe Reader from every computer. Any other way of viewing PDFs has got to be more secure (like Preview on OS X, or Firefox's builtin-in viewer).
Have you tried LearnNowOnline?
subject: Open PFD in browser vulnerability