Mario said:
VanguardLH wrote ...
I have Adobe player and view just fine.
My question is does any part of the document need to download,
into my system even temporarily to view the document.
Basically, when I view an online PDF am I viewing it completely
online or does it need to enter my system first.
Everything you see in your web browser has to "download" content to your
computer. Whether it be a .txt file shown inside the web browser's own
window, or a .pdf file that an AX control handles to display inside the
web browser (or in a separate window for the PDF viewer app), or an .xml
file that normally just shows as a hierarchical text file, or an .html
file to download the code (which is text and can be viewed as such), it
ALL has to download to your computer for your computer to do anything
with it (execute it, display it, store it, whatever). Even streamed
video or music content where you only get a limited number of bytes at a
time still downloads to your computer so it can be rendered there.
The .pdf file that you are viewing gets downloaded to your computer. It
most likely has a copy stored in the TIF cache folder for the web
browser. The file has to exist on your host for the viewer app to then
display it to you.
The reason I'm asking is that some pdf's carry malicious code.
Assume I have no viral protection.
No matter what PDF viewer you use, and unless you are using some really
crippled, defective, or severely deficient PDF viewer, they all let you
disable Javascript support. It is extremely rare that you will ever get
a .pdf file that contains Javascript. That is to make the content
dynamic, like validating input to fields in a form. For security sake,
always ALWAYS A-L-L-W-A-Y-S disable Javascript in the PDF viewer (and
the same in whatever media viewer you use). If you happen to get a
legit .pdf file that uses Javascript, the author that gave you that file
should say so (and then only enable Javascript if you trust the author,
and why most times Javascript-enabled .pdf files are only found in-house
in a company).
You should also consider switching to a different PDF viewer app. Adobe
*READER* (not "player"), as with *any* software, isn't perfect code so
there exist vulnerabilities. However, as with Windows, it is the
popular PDF viewer and why it gets targeted by malcontents. PDF-Xchange
is a far superior PDF viewer, is far smaller for its disk footprint, is
smaller in its memory footprint, is faster to load, and will even warn
you if a .pdf file has script inside of it. Another vulnerability with
PDF is that it may not even use script but carry a "command" that tries
to execute when you open the file. It *should* be safe but, again,
there are vulnerabilities and defects always found in software code (and
what was iron-clad before may not be later). PDF-Xchange will warn you
if the PDF file carries a load-time command. I have Javascript
disabled. PDF-Xchange warns me if a PDF has script inside of it (so I
could decide later to reenable Javascript if I really needed that code
to execute to provide for a dynamic-input file), and it warns me if it
carries a command that it will try to execute. Of course, you could
subvert this protection depending on how you choose to reconfigure
PDF-Xchange. Something else that PDF-Xchange gives you is the ability
to annotate an existing .pdf file (i.e., you can add your own comments).
You don't need the full blown Adobe Acrobat.
http://www.tracker-software.com/product/pdf-xchange-viewer
It's smaller, faster, and more secure than Adobe Reader. If you're
going to stick with Adobe Reader for stubbornness sake then, at least,
disable Javascript within it. I would also suggest you disable its
auto-update "feature".
