Form Problems - Security issues when signing

Report · Feb 26, 2020

I developed a PDF form using Javascript for field validation and digital signature after filling. We found a security problem after signing.

My form: Ficha Cadastral 26.02.2020 Filled Form.pdf

I coded an onSign_pf script: by signing the document, all filled fields are visible and all fields become read-only.

Problems: some important fields, remain clickable after signing, using Acrobat Pro or Reader, Windows (10 or 7).

These fields have scripts that reset some fields and/or show/hide some other fields.

When they remain clickable after the subscription, the information filled in by the customer will be lost.

On Mac everything works correctly (with Adobe Reader or Professional): after signing all fields are correctly read-only - cannot be edited or checked.

My idea for solve this: create a button (you will see the new gray button called pf.validarinformacoes) that will serve for the person to review the information before signing (What I called “review” is make the fields read-only and make the fillable fields visible – function onSign_pf)

After validating the information, the signature field button will be visible and “on sign” tab I setup “Mark as read only: all fields”. (To ensure that all fields would be read-only, in case the problem was with the on_sign_pf script).

But: the problems persists.

Please, let me show you, through the video, what is happening, step by step: https://youtu.be/gjBrPHQRtr4 (no song, please activate captions)

Environment problem:

The fields remain clickable after signature / instruction for all fields to become read-only.
Adobe Acrobat Pro / Reader
Windows ( 7 or 10, 64 or 32 bits)
Happens with token or self signed signatures

Please! Help me! ☺

Fabiana GO

Report · Feb 27, 2020

In the onSign_pf script you ignore some fileds:
var fieldsToIgnore = ["pf.possuiecpflabel","pf.possuiecpfsimlabel","pf.possuiecpfnaolabel","pf_ecpf_sim","pf_ecpf_nao","pf_assinatura","pf_assinatura_digital" ,"pf_assinatura_label"];

Report · Feb 27, 2020

Hi @Bernd_Alheit thank you for your help! The ignored fields in onSign_pf are the signature fields (digital or bio).

I thought it would solve my problem with read-only fields by dividing the form into two steps:

Step 1: click on the gray button and prepare the fields for signature (filled in visible and all read only)

Step 2: shows the signature field (ignored in the previous phase) sign and send.

My initial idea was to have only one step: the script from Step 1 (onSign_pf) should solve everything, in the first version I would activate the script in the "Signed" tab of the signature field and my expectation is that I could make all fields read only after the signature.

Well, as it wasn't working, I divided it into two steps: Check fields and Sign.

Fabiana GO

Adobe Community

Form Problems - Security issues when signing