Secure form beyond Livecycle Pdf Security


AndyP

Mar 14, 2013, 6:34:52 AM
to live...@googlegroups.com
I am looking to secure my form beyond the LiveCycle security, so that if it is opened in a non-Adobe product, or someone manages to get beyond the Password Key, some script hides a part of the form that renders it inoperable.

Has anyone done this before - perhaps to somehow hide variables within the form if opened on another PC other than my own?

Thanks


Andy

John Nesbitt

Mar 14, 2013, 5:56:50 PM
to live...@googlegroups.com
I think you'd find most other PDF reader clients wouldn't know what to do with XFA (LiveCycle) forms. Adobe Reader / Acrobat is the only client I know that is fully compliant with the XFA standard. Most other readers either don't understand XFA at all or implement a very small subset of the functionality. XFA forms are contained within a "proper" PDF that simply has a message that says something like "If you see this then your client is not compatible" - this message is replaced with the form contents if the client is capable of rendering an XFA form. The problem you'd face is for reader clients that can render XFA but aren't necessarily 100% compliant with the latest XFA standard and therefore they may not be able to execute your scripts to disable the form.
 
I'm not sure what sort of things you are trying to secure but usually the most important thing in a form is the data. Anyone with a copy of Acrobat can very easily extract the data from an XFA form (provided they can open the form that is secured with a password). Also, anyone with a copy of LiveCycle Designer can also open your form (again, they'd have to know the password) and remove your scripts that disable the form.
 
LiveCycle Rights Management is perfect for ensuring that only appropriate people see the documents you produce. However, I don't know for sure if you can secure XFA forms with it (as they are proper PDFs at some level, perhaps you can but I've seen nothing concrete to say you can).
 
John.

AndyP

Mar 15, 2013, 7:57:38 AM
to live...@googlegroups.com
Thanks Guys - what I am trying to do is secure the form (which has calculation events within it) so that if opened in a non-Reader environment or hacked via a PDF password crack, the calculations cannot be seen (or actually delete themselves). I hope that makes sense?

Ed Mcallister

Mar 15, 2013, 9:26:43 AM
to live...@googlegroups.com
You can use a javascript scrambler, there's one I use here:
 
 
It doesn't work for all your code and I advise you to make a backup, but you can certainly select pieces of code to make it intelligible.
 
Smiffysan


Murali Raghavan

Mar 15, 2013, 4:12:00 PM
to live...@googlegroups.com

Hmmm, not sure how to delete code... Can you put the validation on the server? You can try a web service call and put the validation in it...


Kai Koenig

Mar 15, 2013, 9:09:11 PM
to live...@googlegroups.com
Well, security by obfuscation is not really security. It might make it more inconvenient for the average skilled person playing around with your form, but it'll make it take 5 seconds or so longer to hack for someone who knows what they're doing.

You always have to assume that client-side code in any environment can be worked around in some way, doesn't matter if it's web or a pdf container. I strongly advise clients to never put their trade secrets (formulas, calculations etc) into client-side code.

Cheers
Kai
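
The server-side approach suggested in the replies above, sketched as an added example that is not part of the original thread: the form submits only its inputs to a web service and gets back only the result, so the calculation never ships inside the PDF. The field names, bounds, coefficients and function names are hypothetical, and the handler is framework-neutral (it takes the raw request body and returns a status and a JSON body).

```javascript
// Added example: field names, bounds and coefficients are hypothetical.
// Constructed stand-in for the proprietary formula; it never leaves the server.
const RATES = Object.freeze({ base: 12.5, perUnit: 3.2, bulkDiscount: 0.15, bulkFrom: 100 });

// The only inputs the form may submit, with numeric bounds.
const SCHEMA = Object.freeze({
  quantity: { min: 1, max: 10000, integer: true },
  weightKg: { min: 0.1, max: 500, integer: false },
});

// Returns an error string, or null when the input is acceptable.
function validate(input) {
  if (input === null || typeof input !== 'object' || Array.isArray(input)) {
    return 'body must be a JSON object';
  }
  for (const key of Object.keys(input)) {
    if (!Object.prototype.hasOwnProperty.call(SCHEMA, key)) return `unexpected field: ${key}`;
  }
  for (const [key, rule] of Object.entries(SCHEMA)) {
    const v = input[key];
    if (typeof v !== 'number' || !Number.isFinite(v)) return `${key} must be a number`;
    if (rule.integer && !Number.isInteger(v)) return `${key} must be an integer`;
    if (v < rule.min || v > rule.max) return `${key} out of range`;
  }
  return null;
}

function calculate({ quantity, weightKg }) {
  let total = RATES.base + quantity * RATES.perUnit * weightKg;
  if (quantity >= RATES.bulkFrom) total *= 1 - RATES.bulkDiscount;
  return Math.round(total * 100) / 100;
}

// Takes the raw request body; returns { status, body } for any HTTP layer to send.
function handleCalcRequest(rawBody) {
  let input;
  try {
    input = JSON.parse(rawBody);
  } catch {
    return { status: 400, body: { error: 'invalid JSON' } };
  }
  const problem = validate(input);
  if (problem) return { status: 400, body: { error: problem } };
  // Only the result is returned: no coefficients, no intermediate values.
  return { status: 200, body: { total: calculate(input) } };
}
```

The form's own script then only collects the field values and displays the returned total; anyone who opens the PDF in Designer or another tool finds inputs and a service call, not the formula.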