Form Problems - Security issues when signing

New Here ,
Feb 26, 2020 Feb 26, 2020

Copy link to clipboard

Copied

I developed a PDF form using Javascript for field validation and digital signature after filling. We found a security problem after signing.

 

My form: Ficha Cadastral 26.02.2020 Filled Form.pdf

 

I coded an onSign_pf script: by signing the document, all filled fields are visible and all fields become read-only.

 

Problems: some important fields, remain clickable after signing, using Acrobat Pro or Reader, Windows (10 or 7).

These fields have scripts that reset some fields and/or show/hide some other fields.

When they remain clickable after the subscription, the information filled in by the customer will be lost.

 

On Mac everything works correctly (with Adobe Reader or Professional): after signing all fields are correctly read-only -  cannot be edited or checked.

 

My idea for solve this: create a button (you will see the new gray button called pf.validarinformacoes) that will serve for the person to review the information before signing (What I called “review” is make the fields read-only and make the fillable fields visible – function onSign_pf)

 

After validating the information, the signature field button will be visible and “on sign” tab I setup “Mark as read only: all fields”. (To ensure that all fields would be read-only, in case the problem was with the on_sign_pf  script).

But: the problems persists.

 

Please, let me show you, through the video, what is happening, step by step: https://youtu.be/gjBrPHQRtr4 (no song, please activate captions)

 

Environment problem:

  • The fields remain clickable after signature / instruction for all fields to become read-only.
  • Adobe Acrobat Pro / Reader
  • Windows ( 7 or 10, 64 or 32 bits)
  • Happens with token or self signed signatures

Please! Help me! ☺

Fabiana GO
Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
TOPICS
Acrobat SDK and JavaScript, PDF forms, Security digital signatures and esignatures

Views

128

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Adobe Community Professional ,
Feb 27, 2020 Feb 27, 2020

Copy link to clipboard

Copied

In the onSign_pf script you ignore some fileds:
var fieldsToIgnore = ["pf.possuiecpflabel","pf.possuiecpfsimlabel","pf.possuiecpfnaolabel","pf_ecpf_sim","pf_ecpf_nao","pf_assinatura","pf_assinatura_digital" ,"pf_assinatura_label"];

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Feb 27, 2020 Feb 27, 2020

Copy link to clipboard

Copied

LATEST

Hi @Bernd_Alheit thank you for your help! The ignored fields in onSign_pf are the signature fields (digital or bio).

 

I thought it would solve my problem with read-only fields by dividing the form into two steps:

 

Step 1: click on the gray button and prepare the fields for signature (filled in visible and all read only)

Step 2: shows the signature field (ignored in the previous phase) sign and send.

all-fields-read-only.gif

 

 

My initial idea was to have only one step: the script from Step 1 (onSign_pf) should solve everything, in the first version I would activate the script in the "Signed" tab of the signature field and my expectation is that I could make all fields read only after the signature.

 

Well, as it wasn't working, I divided it into two steps: Check fields and Sign.

Fabiana GO

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines