Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Open PFD in browser vulnerability

 
Fahim Farook
Greenhorn
Posts: 12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
We have a Java based web application deployed on WebLogic. We provide direct links to some PDF files, which the users can download/ open in their browser. Our security team is claiming that to allow opening PDF files in the browser is security risk. So they want to force the users to download the PDF files first rather than opening them in the browser window.

Is their a way to programmatically prevent the user from opening the PDF files in the browser window and to force downloading the PDF files first?
 
Ulf Dittmer
Rancher
Posts: 42967
73
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That totally depends on client-side (i.e., browser) settings over which the web app has no control. I'm having a hard time seeing how opening the PDF in the browser is any more of a security risk than opening it using a standalone app, though.

If I wanted to protect users from PDF vulnerabilities, the first thing I'd do is to delete Adobe Reader from every computer. Any other way of viewing PDFs has got to be more secure (like Preview on OS X, or Firefox's builtin-in viewer).
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic