File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Security and the fly likes Open PFD in browser vulnerability Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Engineering » Security
Bookmark "Open PFD in browser vulnerability" Watch "Open PFD in browser vulnerability" New topic

Open PFD in browser vulnerability

Fahim Farook

Joined: Mar 20, 2011
Posts: 12
We have a Java based web application deployed on WebLogic. We provide direct links to some PDF files, which the users can download/ open in their browser. Our security team is claiming that to allow opening PDF files in the browser is security risk. So they want to force the users to download the PDF files first rather than opening them in the browser window.

Is their a way to programmatically prevent the user from opening the PDF files in the browser window and to force downloading the PDF files first?
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42965
That totally depends on client-side (i.e., browser) settings over which the web app has no control. I'm having a hard time seeing how opening the PDF in the browser is any more of a security risk than opening it using a standalone app, though.

If I wanted to protect users from PDF vulnerabilities, the first thing I'd do is to delete Adobe Reader from every computer. Any other way of viewing PDFs has got to be more secure (like Preview on OS X, or Firefox's builtin-in viewer).
I agree. Here's the link:
subject: Open PFD in browser vulnerability
It's not a secret anymore!