onopen for security

Edit Subject

I have a directory of pdf files aquired from various sources,
I would like to 'disarm' these files from any javascript/onopen/embedded flash/activeX files etc for security reasons,

(just leave text/fonts/formatting/graphics)

since pdf files are today one of the most common ways to invoke exploits,

ideally this would be possible to do in batch,

also an option to batch edit any metadata would be nice, but not as important as the above function,

please note that javascript can be obfuscated as mentioned here:
http://zeltser.com/reverse-malware/an...

there is no such tool avaliable today

thanks

/M

2 people like
this idea +1

Not planned

EMPLOYEE

0

Edit

Delete

Remove

Official

Sascha Beaumont (Technical Product Manager) November 28, 2011 21:34

Hi,

While Nitro won't let you batch remove JavaScript - you can disable JavaScript entirely via the Nitro preferences in both Pro and Reader.

Additionally as Nitro does not yet support embedded multimedia in PDF (Flash, Audio, ActiveX, etc.) there is no security issue there. If and when we do add multimedia support, a preference to disable this for security purposes would also be provided.

While not suitable for batch processing and redistributing your collection of PDF files - Nitro does provide an ideal solution for an individual user wishing to secure an individual PC.

For batch manipulation of PDF metadata, I suggest using pdftk - its very easy to use command line tool (we even use it at Nitro sometimes for testing!)

Additionally there is the open source PDF Javascript Stripper project on sourceforce - this is more complicated to use and requires knowledge of Java development tools and libraries.

After searching for variations on "pdf javascript stripper", I was able to find at least two existing commercial (paid) products that seem to meet your requirements - however I have only tested myself the two open source solutions posted above.

Hope that helps!

Comment

good point! good point! (undo)
- Cancel
Edit Your Reply (some HTML allowed)
What's the status of this idea?

Hi, While Nitro won't let you batch remove JavaScript - you can disable JavaScript entirely via the Nitro preferences in both Pro and Reader. Additionally as Nitro does not yet support embedded multimedia in PDF (Flash, Audio, ActiveX, etc.) there is no security issue there. If and when we do add multimedia support, a preference to disable this for security purposes would also be provided. While not suitable for batch processing and redistributing your collection of PDF files - Nitro does provide an ideal solution for an individual user wishing to secure an individual PC. For batch manipulation of PDF metadata, I suggest using <a href="http://pdftk.sf.net/">pdftk</a> - its very easy to use command line tool (we even use it at Nitro sometimes for testing!) <a href="https://s3.amazonaws.com/satisfaction-production/s3_images/639867/disable-js.png"><img src="https://s3.amazonaws.com/satisfaction-production/s3_images/639867/disable-js_inline.png" alt="" /></a> Additionally there is the open source <a href="http://pdfjavascriptst.sourceforge.net/">PDF Javascript Stripper</a> project on sourceforce - this is more complicated to use and requires knowledge of Java development tools and libraries. After searching for variations on "pdf javascript stripper", I was able to find at least two existing commercial (paid) products that seem to meet your requirements - however I have only tested myself the two open source solutions posted above. Hope that helps!

How does this make you feel? Add Image

I'm
e.g. sad, anxious, confused, frustrated kidding, amused, unsure, silly indifferent, undecided, unconcerned happy, confident, thankful, excited
Cancel