Open PDF in browser vulnerability

Fahim Farook
Greenhorn

Joined: Mar 20, 2011
Posts: 12
We have a Java-based web application deployed on WebLogic. We provide direct links to some PDF files, which the users can download/open in their browser. Our security team is claiming that to allow opening PDF files in the browser is a security risk. So they want to force the users to download the PDF files first rather than opening them in the browser window.

Is there a way to programmatically prevent the user from opening the PDF files in the browser window and to force downloading the PDF files first?
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 42367
    
That totally depends on client-side (i.e., browser) settings over which the web app has no control. I'm having a hard time seeing how opening the PDF in the browser is any more of a security risk than opening it using a standalone app, though.

If I wanted to protect users from PDF vulnerabilities, the first thing I'd do is to delete Adobe Reader from every computer. Any other way of viewing PDFs has got to be more secure (like Preview on OS X, or Firefox's built-in viewer).


Ping & DNS - my free Android networking tools app
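
An added example, not part of the original thread: on the server side, the standard way to ask for a download is a `Content-Disposition: attachment` response header, shown here as a servlet filter for the kind of Java web application the question describes. The class name `PdfAttachmentFilter`, the helper `attachmentHeader` and the `*.pdf` mapping are assumptions for illustration; the header only tells the browser to offer a save dialog, and what the user opens the saved file with remains a client-side matter.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/** Hypothetical filter: map it to the PDF links (for example *.pdf) in web.xml. */
public class PdfAttachmentFilter implements Filter {

    public void init(FilterConfig config) { }

    public void destroy() { }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Last path segment of the requested URL, still percent-encoded.
        String uri = request.getRequestURI();
        String name = uri.substring(uri.lastIndexOf('/') + 1);

        // Headers must be set before the rest of the chain commits the response.
        response.setHeader("Content-Disposition", attachmentHeader(name));
        // Keep the browser from sniffing the body and rendering it as another type.
        response.setHeader("X-Content-Type-Options", "nosniff");

        chain.doFilter(req, res);
    }

    /** Builds the header value from a name taken from the URL, which is untrusted input. */
    static String attachmentHeader(String rawName) {
        // Allow-list the characters so no quote, CR, LF or '%' from the URL
        // can reach the header value (response splitting, broken quoting).
        String safe = rawName.replaceAll("[^A-Za-z0-9._-]", "_");
        if (safe.isEmpty()) {
            safe = "download.pdf"; // constructed fallback name
        }
        return "attachment; filename=\"" + safe + "\"";
    }
}
```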
 