Highlighted

Can a Windows Acrobat Reader DC plugin communicate with a service via a socket when "Run in AppContainer" is checked?

New Here ,
May 27, 2019

Copy link to clipboard

Copied

I recently discovered an issue with a plugin that my company created for use with Adobe Acrobat Reader DC on Windows. Specifically, the plugin uses a socket to communicate with a custom service running on the local machine (it just connects to localhost using a port number around 50000). After installing 19.010.20091 (from Feb. 12/19), the plugin was able to connect to the service correctly & could send/receive messages as required. With 19.010.20099 (from Apr. 9/19) & newer, however, the plugin fails to make the connection.

After some investigation, I discovered that the difference is the "Run in AppContainer" checkbox. This defaults to off in the older version, but on in the newer versions. If I manually turn it on in the older version, I see the same problem; turning it off in the newer version allows the plugin to work.

I read Sandbox Protections — Acrobat Application Security Guide & tried to see if I could set something in ProtectedModeWhitelistConfig.txt to enable this, but to no avail. I also briefly read about cross-domain configurations (it kept coming up in my searches for "Acrobat" and "sockets"), but it doesn't seem relevant. I also went through Protected Mode to see if there was anything applicable, but I didn't come across anything.

I realize that I can simply uncheck the box (and we could configure our product's installer to edit the Registry appropriately), but I was wondering if there was an alternate way to do this without disabling this security feature.

I should also mention that we do already have a broker process to handle some other function calls (like a custom capture call that can launch one of our apps if needed), so I could explore moving some of this connection logic in there. I just thought I'd check if this had the potential to resolve this.

I'm quite new to our Adobe plugin code & Broker code, so I would appreciate any help. Also, I might not be able to provide specific code snippets, but if there's something that would be beneficial let me know & I'll see what I can do.

Thanks in advance.

Views

79

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

Can a Windows Acrobat Reader DC plugin communicate with a service via a socket when "Run in AppContainer" is checked?

New Here ,
May 27, 2019

Copy link to clipboard

Copied

I recently discovered an issue with a plugin that my company created for use with Adobe Acrobat Reader DC on Windows. Specifically, the plugin uses a socket to communicate with a custom service running on the local machine (it just connects to localhost using a port number around 50000). After installing 19.010.20091 (from Feb. 12/19), the plugin was able to connect to the service correctly & could send/receive messages as required. With 19.010.20099 (from Apr. 9/19) & newer, however, the plugin fails to make the connection.

After some investigation, I discovered that the difference is the "Run in AppContainer" checkbox. This defaults to off in the older version, but on in the newer versions. If I manually turn it on in the older version, I see the same problem; turning it off in the newer version allows the plugin to work.

I read Sandbox Protections — Acrobat Application Security Guide & tried to see if I could set something in ProtectedModeWhitelistConfig.txt to enable this, but to no avail. I also briefly read about cross-domain configurations (it kept coming up in my searches for "Acrobat" and "sockets"), but it doesn't seem relevant. I also went through Protected Mode to see if there was anything applicable, but I didn't come across anything.

I realize that I can simply uncheck the box (and we could configure our product's installer to edit the Registry appropriately), but I was wondering if there was an alternate way to do this without disabling this security feature.

I should also mention that we do already have a broker process to handle some other function calls (like a custom capture call that can launch one of our apps if needed), so I could explore moving some of this connection logic in there. I just thought I'd check if this had the potential to resolve this.

I'm quite new to our Adobe plugin code & Broker code, so I would appreciate any help. Also, I might not be able to provide specific code snippets, but if there's something that would be beneficial let me know & I'll see what I can do.

Thanks in advance.

Views

80

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

Have something to add?

Join the conversation
Resources
Trending Issue & Solution
Edit PDF in Adobe Acrobat Pro DC