The application of security on documents has always been a delicate balancing act between ease-of-use and adequate protection for the document's contents. When the documents contain commercial content, insufficient security can mean lost income; when the protected content is sensitive confidential information, the consequences can be far more dire. On the other hand, if product documentation were to be password-protected, users may not be able to access it. This illustrates the point that stronger security doesn't necessarily mean that it's a better fit, so it's important not to mistake capability for imperative with regards to security.
There is a high level of granularity available in Acrobat 7 Professional and its associated products. For instance, it's possible to limit printing, the selection -- and hence, copying -- of text and image, prohibit changing the document or merging with other documents. It's also possible to prevent users from filling form fields or digitally signing the document. If the document is PDF version 1.6 (i.e. only compatible with Acrobat version 7 and above), then there are even more options, and all of this is just Acrobat's standard security! With Acrobat 7 Professional, it's even possible to separately encrypt a PDF document and its attachments. There are of course additional security measures available: depending on the needs of the document distributor, it's also possible to digitally sign a document to indicate approval and prevent changes from being made to the document, incorporate real-time authentication of a document each time someone attempts to open it and to limit the number of times a document can be opened. Because of the many options available, the primary focus of this article will be to cover general security usage principles and to briefly cover the various options directly available in Adobe Acrobat 7 Professional.
When deciding on the security measures needed for a given PDF document, the first questions you need to ask yourself relate to the document's purpose and intended audience:
- Who is the document's intended audience? (e.g. all web site visitors, printers, or personnel who have signed an NDA. Which version of Acrobat or Reader are they using? Does the content need to be available to screen-reading assistive technologies?)
- Where are you sending, posting or filing it? (e.g. prepress house, company web site, or corporate intranet.)
- What kind of information is contained in the PDF? (e.g. text, graphics, multimedia.)
- How will your intended audience use the document? (e.g. filling forms, forwarding by email, reviewing, updating or fixing the file.)
Once these initial questions are answered, the required document security measures start to take shape. For instance, if the document's intended audience is internal to the company and contains sensitive financial information, it will need to be protected from unauthorized changes and access by unauthorized personnel.
The built-in encryption method provided by PDF allows for the following functionality. A document has two passwords: an owner password and a user password. The document also specifies operations that should be restricted even when the document is decrypted: printing; copying text and graphics out of the document; modifying the document; and adding or modifying text notes and AcroForm fields. When the correct user password is supplied, the document is opened and decrypted but these operations are restricted; when the owner password is supplied, all operations are allowed. The owner password is required to change these passwords and restrictions.
A document is encrypted whenever a user or owner password or restrictions are supplied for the document. However, a user is prompted for a password on opening a document only if the document has a user password.
When you see the icon Adobe Acrobat Reader Security Iconat the bottom left of the Acrobat/Acrobat Reader program window, it indicates that the PDF file is secured. Place your mouse cursor over that 'locked' icon, and you will see a listing of the security options that were applied to the file.
For more information about a file's security settings, you can click "File|Document Properties" in the Acrobat/Acrobat Reader menu bar. Then select the Security tab to show more detail about the file restrictions.
Note: if you are using Acrobat Reader, some restrictions will always be in effect , even if the file has not been encrypted, because Acrobat Reader does not allow comprehensive control. The restrictions may include: Document Assembly, Commenting, Signing, etc.