manualshive.com logo in svg

Adobe 12001196 - Acrobat - Mac, Руководство пользователя

Продукт Adobe 12001196 - Acrobat - Mac предоставляет пользователю возможность скачать бесплатно руководство пользователя на manualshive.com. Получите подробное описание и инструкции по использованию этого руководства для удобства работы с программой. Воспользуйтесь возможностью загрузить его прямо сейчас для улучшения опыта использования продукта.

Поделиться
Скачать
background image

HTTP header from %s specifies meta-policy 'by-ftp-filename', which is only applicable to FTP, not
HTTP.

A by-ftp-filename meta-policy was found in an X-Permitted-Cross-Domain-Policies HTTP response
header, but it is only valid for FTP servers.

The X-Permitted-Cross-Domain-Policies header has been ignored, but any policy file at this URL has not
necessarily been ignored (there should be a further error message if it is).

Conflicting meta-policy in HTTP header from %s %s

Multiple conflicting meta-policies were found in one or more X-Permitted-Cross-Domain-Policies HTTP
header.

The entire meta-policy string is shown, as received from the server. If multiple
X-Permitted-Cross-Domain-Policies headers were provided, they have been coalesced into a single
header with semicolon-separated values as is normal for HTTP headers. The client applied the most
restrictive meta-policy that was found in this string. It is generally not legal to provide multiple
meta-policies in HTTP response headers; the only exception is none-this-response, which may be
combined with any other meta-policy, but only affects the individual HTTP response where it is found.

Meta-policy %s in HTTP header from %s conflicts with previously established meta-policy %s

Meta-policies are incorrectly configured. It is likely that a less restrictive meta-policy was found in the
HTTP header before a more restrictive policy. The less restrictive meta-policy may have been in effect for
some time until the conflict was found later.

Ignoring <site-control> tag in policy file from %s. This tag is only allowed in master policy files.

A meta policy was specified in a non master policy file. The 

site-control 

tag is only legal in master policy

files (/crossdomain.xml on an HTTP/HTTPS/FTP server, or a socket policy file from port 843).

The meta policy has been ignored, but the policy file has not necessarily been ignored (there should be a
further error message if it is).

Ignoring <site-control> tag in policy file from %s. The 'by-content-type' meta-policy is only
applicable to HTTP sites.

by-content-type 

meta policy was incorrectly specified in the policy for an FTP server since it is only valid

for HTTP and HTTPS servers.

The meta policy has been ignored, but the policy file has not necessarily been ignored (there should be a
further error message if it is).

Ignoring <site-control> tag in policy file from %s. The 'by-ftp-filename' meta-policy is only
applicable to FTP sites.

by-ftp-filename 

meta policy was incorrectly specified in the policy for an HTTP(S) server.

The X-Permitted-Cross-Domain-Policies header has been ignored, but the policy file has not necessarily
been ignored (there should be a further error message if it is).

Ignoring <site-control> tag in policy file from %s. The 'none-this-response' meta-policy is only
allowed in the X-Permitted-Cross-Domain-Policies HTTP response header.

A none-this-response meta-policy was incorrectly specified. It is only valid in the
X-Permitted-Cross-Domain-Policies HTTP response header and is intended as a mechanism by which
HTTP servers can prevent server scripts from generating policy files.

The meta-policy has been ignored, but the policy file itself has not necessarily been ignored (there should
be a further error message if it is).

Unrecognized meta-policy in policy file from %s %s

An invalid meta-policy was specified in the master policy file.

Section 7   Cross Domain Configuration

Application Security Guide

Page 72

Section 7   Cross Domain Configuration

Содержание 12001196 - Acrobat - Mac

Страница 1: ...Acrobat Family of Products Acrobat Application Security Guide all versions...

Страница 2: ...nd the Adobe logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States and or other countries Windows Windows 7 and Windows XP are registered trademarks of...

Страница 3: ...ons 15 3 6 FAQs 16 4 Enhanced Security 20 4 1 Feature interaction 20 4 2 Changes across releases 20 4 3 Configuration 21 4 4 Trust overrides 24 4 4 1 Privileged locations 25 4 4 2 Internet Access 25 4...

Страница 4: ...Certificate based permissions 60 7 4 Server configuration 63 7 5 Calling policies via JavaScript 67 7 6 Troubleshooting 67 8 External Content Access 76 8 1 Internet access 76 8 1 1 Changes across rel...

Страница 5: ...to propagate settings across your organization is to configure an installed application and then use the Customization Wizard s registry feature to copy the settings to the application installer Best...

Страница 6: ...robat Describes the security model when Flash runs inside a PDF document Cross Domain Policy File Specification A specification and guide for creating server based cross domain policy files with examp...

Страница 7: ...e potentially malicious based on user preferences and confines processing to a restricted sandbox Note For links to all documentation about Reader s sandbox see http learn adobe com wiki display secur...

Страница 8: ...at is all of Reader s features are available in addition to features that become enabled when a document author uses Acrobat to extend features to Reader users These features include signing existing...

Страница 9: ...I for the file folder or host Create a privileged location via the registry plist by placing a tID at HKCU Software Adobe product name version TrustManager cTrustedSites or TrustedFolders All of the c...

Страница 10: ...ms actions based on those policies and when an admin provides a properly configured policy file the broker can bypass the application s default restrictions The broker first reads and applies all cust...

Страница 11: ...configuration dialog 2 4 FAQs Design principles Some of the high level design criteria for Protected View include the following PDFs in a browser are more functional than PDFs in a Reader s sandbox Fo...

Страница 12: ...casual users who interact with PDFs in unsecure environments There are a limited number of cases where you might want to disable Protected View In enterprise settings where PDF workflows are entirely...

Страница 13: ...vileges Thus processes that could be subject to an attacker s control run with limited capabilities and must perform actions such as reading and writing through a separate trusted process This design...

Страница 14: ...y on XP In enterprise settings where PDF workflows are entirely confined to trusted environments under an administrator s control If you have third party or custom plugins that cause issues when runni...

Страница 15: ...lick and choose New REG_SZ Value 3 Create tBrokerLogfilePath 4 Right click on tBrokerLogfilePath and choose Modify 5 Set the value For example C DOCUME 1 username LOCALS 1 Temp BrL4FBA tmp Policy logg...

Страница 16: ...y must reside in the Reader install directory adjacent to AcroRd32 exe in the install folder for example D Program Files x86 Adobe Reader 10 0 Reader The name of the policy file must be ProtectedModeW...

Страница 17: ...rocesses PROCESS_ALL_EXEC SystemRoot system32 calc exe Registry REG_ALLOW_ANY HKEY_CURRENT_USER Software SomeProgram Mutants MUTANT_ALLOW_ANY imejp Sections SECTION_ALLOW_ANY imejp 3 4 Read policy cha...

Страница 18: ...at a read restricted location on the user s disk or a network share When an FDF or XFDF is opened and it tries to reference a PDF file kept at a read restricted location on the user s disk or a netwo...

Страница 19: ...rted until 10 1 and later Note When a screen reader like JAWS or Window Eyes is already running when Reader is started for the first time on XP systems a warning is shown instructing the user to turn...

Страница 20: ...t configuration are not supported For a current list of issues see http helpx adobe com acrobat kb protected mode troubleshooting reader html Does the fact that Protected Mode invoke two Reader proces...

Страница 21: ...effect on viewing LC Reader Extended PDFs It should work fine out of the box Is there any special status for certified documents so that one can disable Protected Mode only with certified documents No...

Страница 22: ...sion has a limitation with Microsoft Desktop Search and is not installed with Reader X Does the Reader X need to go through the broker if we are saving a Reader extended document Yes Are the policies...

Страница 23: ...r own broker No we do not currently provide the option for developers to write their own brokers but we may do so for future releases Do the Broker and the Sandbox processes share both the WindowStati...

Страница 24: ...ssign trust When content is trusted as a result of a cross domain policy file for example that content is not subject to enhanced security restrictions It is important to understand the various ways t...

Страница 25: ...Acrobat or Acrobat Reader and version 9 0 or 8 0 For 8 x only one key bEnhancedSecurityStandalone controls behavior for both standalone and browser modes Preferences are usually boolean True 1 enables...

Страница 26: ...lue 3 Create bEnhancedSecurityStandalone and or bEnhancedSecurityInBrowser 4 Right click on the key and choose Modify 5 Set the value as follows 0 Disables enhanced security and locks the feature 1 En...

Страница 27: ...Reader_ppc_9 0 plist 2 Go to TrustManager 3 Set EnhancedSecurityInBrowser Boolean YES NO 4 Set EnhancedSecurityStandalone Boolean YES NO 5 Exit the editor Note Do not configure Number For 8 x only on...

Страница 28: ...of cross domain access Users can trust documents on the fly when the PDF opens When the Yellow Message Bar appears choose the Options button and then trust the document once or always Create a privile...

Страница 29: ...ification signature The certification signature is valid The document recipient has specifically trusted the signer s certificate for privileged network operations Configure certificate trust as descr...

Страница 30: ...s untrusted content in the workflow is significantly different than when enhanced security is disabled The feature is specifically designed so that users and admins can preconfigure trust or assign it...

Страница 31: ...ased on the cross domain policy If the PDF opens in the Acrobat Reader standalone application and the FDF data comes back in the https response to a POST GET initiated by the PDF then the FDF data may...

Страница 32: ...ature users can choose to trust a document once or always for the particular action A choice of always adds the document or host to the privileged locations list The message and the options button cho...

Страница 33: ...e settings with the features locked This results in the following All enhanced security protections will be in place Only administrators can configure privileged locations End users cannot change any...

Страница 34: ...obe Adobe Acrobat or Acrobat Reader 9 0 or 10 0 TrustManager bEnhancedSecurityStandalone dword 00000000 bEnhancedSecurityInBrowser dword 00000000 bTrustOSTrustedSites dword 00000001 4 7 Troubleshootin...

Страница 35: ...aScript Allow JavaScript globally by API or by trusting specific document for it Configuration is possible either through the user interface the registry or both as follows User interface Application...

Страница 36: ...eCertificateBasedTrust provides a way to make certified documents trusted as a privileged location 5 4 Disabling JavaScript Global JS configuration may occur via the user interface or the registry pli...

Страница 37: ...an API and the other does not the API is blocked 5 5 1 Blacklist locations Macintosh Policy deployment is specific to Windows so Macintosh has only one update path blacklist at Contents MacOS Prefere...

Страница 38: ...Key 4 Create tBlackList right click in the right hand panel and choose New String value 5 Enter tBlackList 6 Right click on tBlackList and choose Modify 7 Add the APIs to block as a pipe separated li...

Страница 39: ...is the JavaScript Blacklist Framework Tool for Acrobat and Adobe Reader The tool offers protections against an entire class of vulnerabilities that target JavaScript APIs 5 5 4 1 Installation To insta...

Страница 40: ...a current list of APIs from an Adobe server but presents a default list if an Internet connection is unavailable To use the tool 1 Choose Start Programs JS Blacklist Framework for Adobe Reader or Acr...

Страница 41: ...p trustFunction Executing non privileged JS calls via menu items is not blocked whether this box has been checked or not 5 6 1 Trusted override There are several ways to assign trust so that this feat...

Страница 42: ...ith security restrictions These are marked by an S in the third column of the quick bar in the JavaScript for Acrobat API Reference These methods can be executed only in a privileged context which inc...

Страница 43: ...5 8 1 1 Certificate trust You can control script behavior on a per certificate basis or by using trust anchors If a signer s certifying certificate chains up to another certificate a trust anchor that...

Страница 44: ...on the YMB An untrusted document that tries to invoke an URL via JS displays the YMB by default The user is given the option to trust the document for such actions via the Options button on the YMB 5...

Страница 45: ...effort to provide granular control over document behavior The behavior across versions is as follows 5 12 1 9 1 and 8 1 6 and earlier If the application has JavaScript enabled Non high privileged Jav...

Страница 46: ...message bar JS off warning 9 2 and 8 1 7 and later High privileged JavaScript will not execute unless the user has established a prior trust relationship with the document via a trusted certificate or...

Страница 47: ...ly sandboxed processes are specifically prohibited from writing to that folder Thus the most secure operation involves enabling Protected View in Acrobat and Protected Mode in Reader thereby sandboxin...

Страница 48: ...is will export the stored global variables to the new Acrobat session Or Copy glob js and glob setting js from the old JavaScripts folder to the Program Files Adobe Reader JavaScript folder and then d...

Страница 49: ...ed if the file extension is associated with the requisite program File types on the black list These can be attached but a warning dialog appears stating that they cannot be saved or opened from the a...

Страница 50: ...e type version 1 ade 3 adp 3 app 3 arc 3 arj 3 asp 3 bas 3 bat 3 bz 3 bz2 3 cab 3 chm 3 class 3 cmd 3 com 3 command 3 cpl 3 crt 3 csh 3 desktop 3 dll 3 exe 3 fxp 3 gz 3 hex 3 hlp 3 hqx 3 hta 3 inf 3 i...

Страница 51: ...user interface resetting the list to its original state may result in the highest level of security To reset the black and white lists 1 Choose Preferences Trust Manager 2 In the PDF File Attachments...

Страница 52: ...to the white list and prevents future warnings Never allow opening files of this type Adds the file type to the black list and does not open it 4 Choose OK Launch Attachment dialog 6 3 Blacklisted ext...

Страница 53: ...t Microsoft mas Access Stored Procedures Microsoft mat Access Table Shortcut Microsoft mau Media Attachment Unit mav Access View Shortcut Microsoft maw Access Data Access Page Microsoft mda Access Add...

Страница 54: ...Folder url Internet Location vb VBScript file or Any VisualBasic Source vbe VBScript Encoded Script file vbs VBScript Script file Visual Basic for Applications Script vsmacros Visual Studio NET Binary...

Страница 55: ...wed via the user interface cross domain policy files support all the mime types specified in the Cross Domain Policy File Specification 7 1 Cross domain basics 7 1 1 Same origin policies As the Acroba...

Страница 56: ...b com hosts a policy and requires credentials for access then any documents served from the domains listed in b com s policy file gain the right to use those credentials on the user s behalf Now that...

Страница 57: ...by the enhanced security preference Acrobat s cross domain support becomes important when Enhanced security is enabled because uncontrolled cross domain access should not be permitted You require sele...

Страница 58: ...le deployment pattern allows developers to employ the Web Service Proxy pattern In this design pattern new Web services are authored using LiveCycle at the same origin as the hosted document which the...

Страница 59: ...policy file containing a wild card or the local file must be in a privileged location Local files A PDF can be opened directly from a local disk or referenced by a file URL Files have no domain when t...

Страница 60: ...aders in cross domain requests The cross domain feature introduced with 9 0 allows administrators to Create a cross domain policy based on a specification Configure access to a broad range of location...

Страница 61: ...le com crossdomain xml the default location that clients check when a policy file is required Policy files hosted this way are known as master policy files allow access from Allowing access to root do...

Страница 62: ...ccess to this target domain it does define a meta policy that allows other policy files within this domain to determine how access is handled In this case the client is instructed to look for a policy...

Страница 63: ...1 0 DOCTYPE cross domain policy SYSTEM http www adobe com xml dtds cross domain policy dtd cross domain policy allow access from domain example com to ports 507 516 523 cross domain policy 7 2 8 Crede...

Страница 64: ...der 9 1 introduces an extension to cross domain policies that enables cross domain access on a per document basis You do so by identifying a certified document signed with a specific certificate that...

Страница 65: ...ow Signature Properties 3 Choose the Details tab in the Certificate Viewer to see the list of all data for the selected certificate 4 In the Certificate Data pane select the SHA1 digest field 5 In the...

Страница 66: ...e 9 In the Certificate Data pane select the SHA1 digest field 10 In the bottom pane highlight and copy the hex data fingerprint Note You should now remove the ID from the machine so that it doesn t ex...

Страница 67: ...er configuration Policy files function only on servers that communicate over HTTP HTTPS or FTP 7 4 1 Policy file host basics When creating and using a policy file the following rules apply It s name m...

Страница 68: ...t grant permissions for socket based connections For a socket connection a policy file can be used for both same domain connections as well as connections made across domains 7 4 3 Server setup exampl...

Страница 69: ...ee cluster apps sap com com sap eng crossdomain xml 2 Specify the MIME type for the policy file For Netweaver 7 0 Netweaver 7 0 EhP1 and Netweaver 2004 1 Open the Visual Administrator 2 Choose the Pro...

Страница 70: ...You must specify the file extension first and then the MIME type and separate them by a comma For example xml text x cross domain policy 5 Choose Save Changes 7 4 3 4 Windows Cross domain configurati...

Страница 71: ...as app loadPolicyFile url will affect other PDFs opened during that client s session For details refer to the JavaScript for Acrobat API Reference SWFs can load policies from other locations via the...

Страница 72: ...updates and later allow configuration via the user interface To do so 1 Choose Edit Preferences Windows only 2 Select Security Enhanced in the Categories panel 3 Check Create log file Enhanced securi...

Страница 73: ...found The URLs indicate The resource requested Where the PDF was loaded from The policy file granting the permission Note It is possible that multiple policy files would have permitted the operation...

Страница 74: ...and can t be found Verify the files are correctly pointed to A policy file exists but is invalid for some reason In this case this message should be preceded by a more specific message that shows the...

Страница 75: ...Moselle Firefox 2 0 0 3 and earlier 2 0 0 4 and later Safari Macintosh 2 x and earlier 3 x and later strict Policy file requested from s redirected to s will use final URL in determining scope An HTTP...

Страница 76: ...er policy file The site control tag is only legal in master policy files crossdomain xml on an HTTP HTTPS FTP server or a socket policy file from port 843 The meta policy has been ignored but the poli...

Страница 77: ...server should explicitly declare a meta policy rather than relying on this implicit mechanism This can be done using a site control tag in the master policy file or using the HTTP response header X P...

Страница 78: ...Acrobat clients should not receive these messages However since Acrobat leverages the Flash model these are provided for informational purposes Root level SWF loaded s Only pertinent to Flash Found se...

Страница 79: ...ent to Flash and socket policy files strict Local socket connection forbidden to host s without a socket policy file Only pertinent to Flash and socket policy files Application Security Guide Section...

Страница 80: ...ver Trust Manager internet access settings 8 1 2 Configuration For 9 2 and earlier this feature overrides enhanced security settings for files and folders With 9 3 enhanced security settings take prec...

Страница 81: ...hether or not URL access is allowed on a global or per URL basis Manage Internet Access dialog For URLs that aren t explicitly trusted or blocked they are not on the white or black list a warning appe...

Страница 82: ...he Authplay dll for playing content is defined as non legacy multimedia Files like flv and h 264 encoded files play by default The Yellow Message Bar doesn t appear in the presence of these media type...

Страница 83: ...buttons choose Trusted documents or Non trusted documents The Trust Manager displays the selected trust preferences Note Beginning with 9 5 and 10 1 2 trust for legacy multimedia formats is stored in...

Страница 84: ...or the file folder or host With 9 5 10 1 2 and later create a privileged location via the registry plist by placing a tID at HKCU Software Adobe product name version TrustManager cTrustedSites or Trus...

Страница 85: ...e For versions 8 2 9 3 to 9 4 7 10 1 1 this feature does not interact with enhanced security and the Trusted Documents list is not the same as the privileged locations list Trust is stored in a file c...

Страница 86: ...ct by flags which are defined in the PDF Reference For example an URL might point to an image external to the document Only PDF developers create PDF files with streams so you may not need to enable a...

Страница 87: ...nt Trust files folders and hosts as privileged locations via Preferences Security Enhanced Privileged Locations panel so that when a PDF with 3D content opens If it is trusted the 3D content renders I...

Страница 88: ...ontent in a PDF Enterprise IT can control how Flash plays within PDFs by setting the bEnableFlash registry entry Win or EnableFlash plist entry Mac When set to 0 Flash only plays if the PDF is a trust...

Страница 89: ...trust is assigned Permissions granted by other features often overlap For example cross domain policies internet access settings in Trust Manager and certificate trust settings for certified documents...

Страница 90: ...iction The Win OS Security Zone setting in the Privileged Locations panel now includes Local Intranet zones in addition to the current Trusted Sites zone The product should assign trust as Internet Ex...

Страница 91: ...edFolders cTrustedSites The container cab determines which restriction the document can bypass For example a tID under cCrossDomain allows cross domain access For a complete list of available preferen...

Страница 92: ...e recursive modify the name by appending _recursive to it Registry Configuration Recursive trust HKEY_CURRENT_USER Software Adobe product name version TrustManager cTrustedFolders cScriptInjection t5_...

Страница 93: ...setting via the UI as follows by setting bDisableOSTrustedSites as follows 0 Disables trusting sites from IE and locks the feature 1 Enables trusting sites from IE and locks the feature HKEY_LOCAL_MAC...

Страница 94: ...s List 9 x Choose Security Manage Trusted Identities and from the Display drop down list choose Certificates 10 x Choose Tools Sign and Certify More Sign and Certify Manage Trusted Identities and From...

Страница 95: ...ternal content access 1 Choose Edit Preferences Page Display Windows or Acrobat Preferences Page Display Macintosh 2 Configure the Reference XObjects View Mode panel by setting Show reference XObject...

Страница 96: ...cal components of information assurance For example signing certificates in certified documents can be used to assign trust for operations that would otherwise be restricted by enhanced security This...

Отзывы:

Нет отзывов

Похожие инструкции для 12001196 - Acrobat - Mac

DAVIS and Vantage Pro Getting Started Manual preview
and Vantage Pro
Бренд: DAVIS Страницы: 16
Native Instruments Scarbee Mark 1 User Manual preview
Scarbee Mark 1
Бренд: Native Instruments Страницы: 14
TC Electronic RESTORATION SUITE User Manual preview
RESTORATION SUITE
Бренд: TC Electronic Страницы: 31
BrainMaster BMrMMP User Manual preview
BMrMMP
Бренд: BrainMaster Страницы: 14
Mitsubishi Gpredict 1.2 User Manual preview
Gpredict 1.2
Бренд: Mitsubishi Страницы: 64
Promise Technology FastTrak SX Series Version 4.4 User Manual preview
FastTrak SX Series Version 4.4
Бренд: Promise Technology Страницы: 102
Nexo NXtension-ES User Manual preview
NXtension-ES
Бренд: Nexo Страницы: 24
Juniper STRM 2008.2R2 - UPGRADING TO STRM 2008.2R2 REV 2 Upgrade Manual preview
STRM 2008.2R2 - UPGRADING TO STRM 2008.2R2 REV 2
Бренд: Juniper Страницы: 5
GRASS VALLEY Aurora Edit Security Application Note preview
Aurora Edit Security
Бренд: GRASS VALLEY Страницы: 5
Nikon 25338 User Manual preview
25338
Бренд: Nikon Страницы: 240
Autodesk 24108-051462-9000 - AUTOCAD REVIT ARCH STE 08 COMM NEW SLM DVD Questions And Answers preview
24108-051462-9000 - AUTOCAD REVIT ARCH STE 08 COMM NEW SLM DVD
Бренд: Autodesk Страницы: 11
Autodesk 057A1-05A111-10MD - AutoCAD LT 2009 Manual preview
057A1-05A111-10MD - AutoCAD LT 2009
Бренд: Autodesk Страницы: 31
Autodesk 12909-091452-9750 - Map 3D 2006 Student Edition Installation Manual preview
12909-091452-9750 - Map 3D 2006 Student Edition
Бренд: Autodesk Страницы: 35
Autodesk 057A1-05A111-10MB - AutoCAD LT 2009 Installation Manual preview
057A1-05A111-10MB - AutoCAD LT 2009
Бренд: Autodesk Страницы: 58
FieldServer FS-8700-70 Driver Manual preview
FS-8700-70
Бренд: FieldServer Страницы: 14
Mackie DIGITAL XBUS - SOFTWARE Installation Manual preview
DIGITAL XBUS - SOFTWARE
Бренд: Mackie Страницы: 8
Native Instruments Studio Drummer User Manual preview
Studio Drummer
Бренд: Native Instruments Страницы: 41
I.R.I.S. IRISSCAN 2 Getting Started Manual preview
IRISSCAN 2
Бренд: I.R.I.S. Страницы: 3

Бренды по названию

Популярные бренды

Загрузить еще бренды