This week's giveaway is in the Spring forum.
We're giving away four copies of REST with Spring (video course) and have Eugen Paraschiv on-line!
See this thread for details.
The moose likes Security and the fly likes Open PFD in browser vulnerability Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login

Win a copy of REST with Spring (video course) this week in the Spring forum!
JavaRanch » Java Forums » Engineering » Security
Bookmark "Open PFD in browser vulnerability" Watch "Open PFD in browser vulnerability" New topic

Open PFD in browser vulnerability

Fahim Farook

Joined: Mar 20, 2011
Posts: 12
We have a Java based web application deployed on WebLogic. We provide direct links to some PDF files, which the users can download/ open in their browser. Our security team is claiming that to allow opening PDF files in the browser is security risk. So they want to force the users to download the PDF files first rather than opening them in the browser window.

Is their a way to programmatically prevent the user from opening the PDF files in the browser window and to force downloading the PDF files first?
Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42959
That totally depends on client-side (i.e., browser) settings over which the web app has no control. I'm having a hard time seeing how opening the PDF in the browser is any more of a security risk than opening it using a standalone app, though.

If I wanted to protect users from PDF vulnerabilities, the first thing I'd do is to delete Adobe Reader from every computer. Any other way of viewing PDFs has got to be more secure (like Preview on OS X, or Firefox's builtin-in viewer).
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
subject: Open PFD in browser vulnerability
It's not a secret anymore!