Sunday, July 11, 2010

Security first - pdfs and embedded files

A short posting with an example of the screenshot from a pdf reader ( Okular )

Pdf generators sometime include some of the settings for how the pdf was generated into the final pdf itself.

A security conscious pdf reader should give the user some information, rather than just rendering the embedded file:


When generating the pdf using a very feature rich Pdf Writer, there are many, many, options such as the CMYK profile.

Adobe Distiller likes to include a file named 'folder.options' (or similar) that contains entries like the following:
  • CompatibilityLevel 1.3
  • PDFXCompliantPDFOnly false
...and so on.

There is just one advantage I can see from having a copy of the embedded folder.options ...
...to see for yourself the compatibility settings which the author thought were
appropriate for the distribution of their published pdf.


Hybrid PDF/ODF export from OpenOffice:


Whilst on the subject of embedded files, I am running a recent version of OpenOffice (3.2) and noticed that pdf export has a new checkbox labelled 'Create hybrid file'

If you want maximum compatibility with people using open source AND adobe readers, then be wary of ticking 'Create hybrid file'.

Whilst it might seem convenient for yourself, I suggest you do some thorough testing with Adobe reader software before creating hybrid PDF/ODF files for wider distribution.


OpenOffice version 3 prior to version 3.2 and ColorSpace:

 If you have sent a pdf to a colleague and they have reported back they were unable to read it and their reader software reported 'invalid ColorSpace', then
consider running OpenOffice 3.2

( OpenOffice 3.2 was released in February 2010 and has better compatibility with the latest versions of Adobe reader )

OpenOffice 3.2 is the default version for the upcoming Debian Squeeze release.