Help talk:Security/PDF files

From mediawiki.org
Jump to navigation Jump to search

Shouldn't this page be translatable? (ping Tgr). Danmichaelo (talk) 12:17, 12 April 2015 (UTC)

It certainly should. I marked it for translation (I hope :) - not familiar with the translation workflow.) --Tgr (WMF) (talk) 19:55, 13 April 2015 (UTC)

Linking to a pdf file[edit]

Isn't it a bit ironic that a page warning about the security risks of PDFs links to a pdf file for more information? Legoktm (talk) 21:35, 3 June 2015 (UTC)

And over HTTP to a social networking site, even. I found [1] but there is no HTTPS. Nemo 10:00, 3 April 2016 (UTC)

Vague statement[edit]

@Tgr (WMF): "Adobe Acrobat, with its default settings, is NOT safe." Can we clarify that? What exactly is meant by "safe" here? If we're going to make such scathing statements we should at least take the time to explain them. This, that and the other (talk) 03:39, 15 August 2015 (UTC)

I believe that was based on T89744#1047730. 4.2.1 of [2] is also interesting, if a bit dated. --Tgr (WMF) (talk) 04:25, 15 August 2015 (UTC)

The statement was meant in the context of that particular issue-- in all of my testing, opening a PDF document with Acrobat Reader (where all of the Reader options had been left as default) on Windows (I tested XP through 8, iirc) would automatically open the URL in the system's default web browser, thereby revealing the IP address of the reader to whoever owns the server where the URL points. CSteipp (WMF) (talk) 17:55, 21 September 2015 (UTC)

Plugins[edit]

What makes us believe that Firefox and Chrom(e|ium) plugins are the safest PDF readers? Nemo 10:00, 3 April 2016 (UTC)

In general, I think all this information is too vague to be useful for real users. We should directly tell people to use either Firefox or Chromium plugins or a reader from https://pdfreaders.org , and at any rate avoid proprietary readers. --Nemo 16:28, 26 June 2017 (UTC)

There are a couple reasons to expect browser-based PDF readers to be more safe:

  • the security problems around PDFs tend to be related to either web fetches or Javascript; those are both core competencies for browsers and huge amounts of (non-PDF-related) work have been applied to make them work safely. The same is not true for most other PDF client vendors.
  • security is much more of a reputation issue to browser vendors than to office tool vendors so it's reasonable to assume they invest much more resources into it. Past examples of how often security breaches happen and how they are handled seem to confirm this.
  • browsers are highly sophisticated sandboxes .Firefox implements PDF rendering in pure JS so even in the case of implementation errors the fallout is limited. Chrome is less safe but probably still uses the same sandboxing it generally uses for plugins.

Being opensource helps security-wise but it's not that important, IMO. The Chrome PDF viewer was in face closed-source until not so long ago. I would still have trusted it more than software written by a vendor in the desktop publishing space. --Tgr (WMF) (talk) 16:08, 4 July 2017 (UTC)