Restricting PDF editing – How to stop your PDF content and forms from being modified

102

When it comes to PDF restrictions, you wouldn’t be remiss to assume that adding password-based controls in an application like Adobe Reader would be enough. A decade or two ago, you might even be correct. However, while the PDF editing and security landscape has evolved significantly in recent years, many solutions have not been adapted.

Restricting PDF editing
Restricting PDF editing

Before we discuss that further, let’s quickly run over the restrictions you might want to apply to a PDF:

  • Access restriction – to stop unvetted users from viewing a PDF.
  • Sharing restrictions – to prevent copies of PDF files from making their way outside of an organization.
  • Editing restrictions – to allow users to view PDF documents yet keep the information in them intact and untampered with.
  • Printing restrictions – to ensure users can’t create a physical copy of a document that they can then share.
  • Download restrictions – a largely pointless control that attempts to stop users from downloading a document from a web viewer.
  • Emailing restrictions–a method that typically relies on email providers to stop protected documents from being sent. This is usually ineffective on its own as a user can simply upload it to the cloud.
  • Copy & paste restrictions – stops a user from copying the content of a PDF to another application to then share.
  • Restricting offline use – prevents users from opening PDF documents unless they are connected to the Internet and have access to a licensing server.
  • PDF expiry – the ability to have PDFs expire on a set date or after a specified period
  • Access revoking – the ability to revoke access to PDFs that have already been distributed.
  • Screenshot restrictions – stop a user from screenshotting a document so they can share it as an image.
  • Location restrictions – prevents users from opening a document unless they are in a certain location or IP range, such as the office or company headquarters.

If your document is not particularly sensitive, you may only need some or even none of these PDF document restrictions. However, if you’re dealing in legal, financial, or otherwise confidential documents, you’ll need all of them to keep your PDF truly secure.

Software like Adobe Reader does let you apply some of these controls – but they are completely useless since they can be removed in seconds. Adobe uses a password-based system that is easily bypassed by a variety of freely accessible software. While password and permission removal tools were designed to be used only by genuine owners, the reality is that they can be repurposed for nefarious means with no additional input.

In fact, studies have shown that you don’t even need specialized software to bypass Adobe Security controls. All you need to do is open it in MacOS X preview and print to the PostScript format. You can also open and modify the PDF using readers that don’t support Adobe’s restrictions or simply print it from Google Drive to bypass print restrictions.

How to really prevent PDF printing and editing

So, if traditional PDF restriction controls are easily bypassed, can you really stop your PDF forms and content from being modified? The answer is yes, but only with specialized PDF DRM software that restricts PDF editing, copying, sharing and printing.

Document DRM software typically removes the need for passwords, instead of relying on a secure licensing system and transparent key exchange. This means that keys to decrypt PDF files are not exposed to the user so they cannot be removed. The most secure PDF DRM solutions use their own PDF Reader application to ensure that PDF restrictions are always enforced regardless of where your PDF files are.

Unlike Adobe security, DRM controls cannot be removed so you can enforce all the controls to restrict PDF files listed above, including printing, copy-paste, editing, screenshot blocking, expiry dates, access revoking, and location limiting.

To achieve this, document Publishers create an encrypted version of the document with PDF DRM security software that contains all of the controls they desire to restrict PDF use. Then, they add a customer to their PDF DRM system which emails a license key that allows them to open specified PDFs published by that organization using dedicated PDF reader software.

Unlike traditional PDF restriction software, PDF DRM publishers can use a web portal to update the restrictions of the PDF for specific users or organizations at any time. This grants them granular, enforceable, and modifiable controls that just aren’t available otherwise.

Of course, caution is still required. The ability to prevent unauthorized access is not effective if PDFs are provided to the wrong people in the wrong locations. Sending a highly confidential document to a worker at home, for example, risks friends and family being exposed to it. So you will therefore want to ensure it can only be viewed in the office by enforcing location restrictions.

The bottom line, then is that if you have a document of little value, an attacker probably isn’t going to take the time to remove Adobe PDF protection. However, if your PDF has truly valuable information, the only way to stop your PDFs and forms from being modified is a good DRM solution and a strong document security culture.

Viewmore: