Skip to main content
A
Anonymous
May 11, 2019
Answered

PDF Security

  • May 11, 2019
  • 1 reply
  • 1262 views

I've received a signed .pdf as an email attachment issued from Adobe sign.  I was able to open the .pdf without being asked for a password or to install any certificates.  When I check the document security, the 'Document Open Password' field is set to  'No'.   I'm concerned that anybody who access to the.pdf would be able to Open and read it.   This could include anybody who is able to access any of the mail servers used in the transmission of the emal.  Am I being over paranoid ?

This topic has been closed for replies.
Correct answer ScottCarter

Greetings!

To add a little more color to the previous observation (in case anyone references this thread in the future), Adobe Sign does have controls to apply a password to the signed PDF before it is sent to the recipient.

Further, customers in muti-license accounts have the ability to either a) not attach the PDF to the Signed and Filed email, or b) suppress the email entirely.

The assertion that "Adobe Sign does nothing to restrict access to the document" is only true if the account/agreement is configured by the user to work that way.  The options for security are available.

Customers that generate agreements which contain or collect personal/sensitive information should strongly consider delivering only the email, without the attached PDF.

Signers that want a copy could then be advised to create a free account with Adobe Sign and download a copy directly from the authoritative original.  Yes, that is perhaps a lot of friction, but that friction is security.

1 reply

D
Dave Merchant
Legend
May 11, 2019

You're perfectly correct. Adobe Sign does nothing to restrict access to the document contents, the digital signature applied merely certifies that someone signed it at a certain time. Anyone who gets hold of the PDF (through whatever route) can read it.

Since email is fundamentally an insecure transport medium, with the vast majority of SMTP hops happening in plain text, you should never use a document management service that sends out email copies for any confidential or legally-protected purpose.

A
Anonymous
May 11, 2019

Thank you for the quick answer.  Much appreciated.

S
ScottCarterCorrect answer
Participating Frequently
May 12, 2019

Greetings!

To add a little more color to the previous observation (in case anyone references this thread in the future), Adobe Sign does have controls to apply a password to the signed PDF before it is sent to the recipient.

Further, customers in muti-license accounts have the ability to either a) not attach the PDF to the Signed and Filed email, or b) suppress the email entirely.

The assertion that "Adobe Sign does nothing to restrict access to the document" is only true if the account/agreement is configured by the user to work that way.  The options for security are available.

Customers that generate agreements which contain or collect personal/sensitive information should strongly consider delivering only the email, without the attached PDF.

Signers that want a copy could then be advised to create a free account with Adobe Sign and download a copy directly from the authoritative original.  Yes, that is perhaps a lot of friction, but that friction is security.

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices