Why enabling in-browser viewing of PDFs is risky in SharePoint

I was at a session by Maurice Prather on Secure Coding for the Administrator at the Australian SharePoint Conference 2011. It was a good session and there was a mention of the risks of PDF handling in the browser.

I did some more reading and found that Maurice had written an article which explains the risks of PDF (Pretty Dangerous Files) well.
In short.. you can embed javascript in a PDF document. Java script can be used to also delete/modify a wide variety of things in a SharePoint side through the client object model.

I thought this will be useful to make note of it in my blog. Here is a link to Maurice Prathers article on PDF (Pretty Dangerous Files):
http://www.bluedoglimited.com/SharePointThoughts/ViewPost.aspx?ID=328

You enjoy..

Leave a Reply

Your email address will not be published. Required fields are marked *