• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
3

What's the real world risk to the system of disabling Global Object Security Policy

Community Beginner ,
Mar 21, 2024 Mar 21, 2024

Copy link to clipboard

Copied

I've read through a post in this forum about similar question (back in 2017), but it didn't quite answer my question.

 

I understand that global object is readable by others, but is there any risk of one document implanting a malware/virus  in the global object, which affects other documents?  Or in more general term, is there any risk by disabling the policy, which may results in a much wider thread?

TOPICS
JavaScript , PDF

Views

161

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

Adobe Employee , Mar 27, 2024 Mar 27, 2024

Hi there,

 

Yes, you got it right. Disabling the "global object security policy" poses no threat to your user's computer. It functions solely to generate a single tracking ID or cookie on their device, similar to how browser sessions handle cookies. Therefore, its deactivation does not cause any harm to the user's system.

 

Regards

Amal

 

Got your issue resolved? Please label the response as 'Correct Answer' to help your fellow community members find a solution to similar problems.

Votes

Translate

Translate
Adobe Employee ,
Mar 22, 2024 Mar 22, 2024

Copy link to clipboard

Copied

Hi @Test36246370m6r9 

 

Hope you are doing well and thanks for reaching out.

 

Please check out the correct answer marked in the similar discussion https://community.adobe.com/t5/acrobat-reader-discussions/can-you-tell-me-what-the-enable-global-obj... and see if that works.

 

~Amal

 

Got your issue resolved? Please label the response as 'Correct Answer' to help your fellow community members find a solution to similar problems.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Mar 22, 2024 Mar 22, 2024

Copy link to clipboard

Copied

Thanks Amal.

That discussion didn't answer my question as per my first statement.  That's why i elaborated explicitly on what I am asking, which that discussion back in 2017 didnt address

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Mar 25, 2024 Mar 25, 2024

Copy link to clipboard

Copied

Hi there

 

The Global Object Security Policy (GOSP) is a setting in many supported PDF readers which controls how cookies behave. The default setting is “enable global object security policy” which means that every time someone renames a file or moves a file to a different location, a different cookie is created each time.

Since DRM protected content relies on these cookies to track the number of ‘devices’ that a user opens the protected PDF, you will be required to disable this feature to open and view DRM protected PDFs.

 

Additional info: Please check the similar discussion that i have found on MS support page https://answers.microsoft.com/en-us/windows/forum/all/global-security-policy-settings-message-this/a... and see if that helps.

 

Hope this information will help.

 

~Amal

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Mar 25, 2024 Mar 25, 2024

Copy link to clipboard

Copied

Thanks again Amal.

I've read what you've posted on Adobe docs.  It only says what it is but doesn't say what are the risks if I disable it.

 

This option was disabled by default.  "It is ok" to disable it because DRM needs it is strange.  That's why I would like to understand what kind of exposure am I facing by disabling it?  It can't be none if it was disabled by default.  This is not document level setting but Adobe acrobat setting which will be used by all pdf docs opened using Adobe acrobat.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Mar 26, 2024 Mar 26, 2024

Copy link to clipboard

Copied

Hi there

 

This policy restricts the use of a global scripting object within the application. This object is accessible to all programs across different contexts and can persist information across sessions. Its unrestricted accessibility poses a potential security risk, allowing anyone to access stored data without requiring knowledge of specific item names.

Disabling this feature is an option to mitigate these security concerns.

 

A responsible approach for developers involves refraining from storing sensitive data within this object. Alternatively, if necessary, sensitive data should be encrypted, hashed, or at least obfuscated to enhance security.

 

Please note that enabling this option may result in certain scripts malfunctioning.

 

Hope this answers your query.

 

~Amal

 

Got your issue resolved? Please label the response as 'Correct Answer' to help your fellow community members find a solution to similar problems.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Mar 26, 2024 Mar 26, 2024

Copy link to clipboard

Copied

Again, I've already stated that in my original post.  I'm aware that it's readable by others.  My question is, as per my original post, 

quote

is there any risk of one document implanting a malware/virus  in the global object, which affects other documents?  Or in more general term, is there any risk by disabling the policy, which may results in a much wider thread?

 

It sounds to me like either you are not sure or the answer is there is no other risks besides it's readable by others?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Employee ,
Mar 27, 2024 Mar 27, 2024

Copy link to clipboard

Copied

LATEST

Hi there,

 

Yes, you got it right. Disabling the "global object security policy" poses no threat to your user's computer. It functions solely to generate a single tracking ID or cookie on their device, similar to how browser sessions handle cookies. Therefore, its deactivation does not cause any harm to the user's system.

 

Regards

Amal

 

Got your issue resolved? Please label the response as 'Correct Answer' to help your fellow community members find a solution to similar problems.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines