What's the real world risk to the system of disabling Global Object Security Policy

Thanks Amal.

That discussion didn't answer my question as per my first statement.  That's why i elaborated explicitly on what I am asking, which that discussion back in 2017 didnt address

Hi there

The Global Object Security Policy (GOSP) is a setting in many supported PDF readers which controls how cookies behave. The default setting is “enable global object security policy” which means that every time someone renames a file or moves a file to a different location, a different cookie is created each time.

Since DRM protected content relies on these cookies to track the number of ‘devices’ that a user opens the protected PDF, you will be required to disable this feature to open and view DRM protected PDFs.

Additional info: Please check the similar discussion that i have found on MS support page https://answers.microsoft.com/en-us/windows/forum/all/global-security-policy-settings-message-this/a... and see if that helps.

Hope this information will help.

~Amal

Thanks again Amal.

I've read what you've posted on Adobe docs.  It only says what it is but doesn't say what are the risks if I disable it.

This option was disabled by default.  "It is ok" to disable it because DRM needs it is strange.  That's why I would like to understand what kind of exposure am I facing by disabling it?  It can't be none if it was disabled by default.  This is not document level setting but Adobe acrobat setting which will be used by all pdf docs opened using Adobe acrobat.

Hi there

This policy restricts the use of a global scripting object within the application. This object is accessible to all programs across different contexts and can persist information across sessions. Its unrestricted accessibility poses a potential security risk, allowing anyone to access stored data without requiring knowledge of specific item names.

Disabling this feature is an option to mitigate these security concerns.

A responsible approach for developers involves refraining from storing sensitive data within this object. Alternatively, if necessary, sensitive data should be encrypted, hashed, or at least obfuscated to enhance security.

Please note that enabling this option may result in certain scripts malfunctioning.

Hope this answers your query.

~Amal

Got your issue resolved? Please label the response as 'Correct Answer' to help your fellow community members find a solution to similar problems.

Again, I've already stated that in my original post.  I'm aware that it's readable by others.  My question is, as per my original post, 

is there any risk of one document implanting a malware/virus  in the global object, which affects other documents?  Or in more general term, is there any risk by disabling the policy, which may results in a much wider thread?

It sounds to me like either you are not sure or the answer is there is no other risks besides it's readable by others?