Journal

Technical

Question: Adobe Reader’s Protected Mode and compatibility with dynamic forms. Answer.

Deal­ing with dynamic PDF forms is not always exactly ground-breaking stuff, although a design chal­lenge like any­thing else. A ques­tion on a poten­tial incom­pat­ib­il­ity between the new secur­ity fea­tures in Adobe Reader and JavaS­cript is answered by an update soon com­ing to Adobe Reader; and a very nice man from Adobe.

Design­ing dynamic PDF forms can be sat­is­fy­ing work, as intro­du­cing things such as inter­activ­ity and pro­gress­ive dis­clos­ure can pro­duce an effect­ive end res­ult. How­ever the crux of these fea­tures is JavaS­cript, which it seemed had recently poten­tially come under fire by new secur­ity set­tings in Adobe’s own Reader software.

Pro­tec­ted Mode is Adobe Reader X’s ‘sand­box’ envir­on­ment, enabled by default and dis­abling JavaS­cript to an extent – which may of course include the very func­tion­al­ity provided by Adobe’s author­ing soft­ware, Live­Cycle Designer. A con­cern mater­i­al­ised: how would dynamic forms using JavaS­cript event appear to form users view­ing the forms using Reader X?

A ques­tion

Organ­isa­tions requir­ing high levels of secur­ity (such as local author­it­ies) some­times have recom­men­ded guid­ance to dis­able JavaS­cript in Reader, although the func­tion­al­ity of forms used intern­ally within an organ­isa­tion can be main­tained by spe­cify­ing cer­tain trus­ted zones. On review­ing the pref­er­ences in Reader X, it seemed that the trig­ger to JavaS­cript being turned off and an alert being thrown up at the top of the Reader win­dow advising the form user that JavaS­cript and sub­sequently func­tion­al­ity was dis­abled was the option under Secur­ity (Enhanced) > Priv­ileged Loc­a­tions > ‘Auto­mat­ic­ally trust sites from my Win OS secur­ity zones’ (on Windows).

A scen­ario of a form user out­side of such an organ­isa­tion who may be some­what unex­posed to digital forms or not used to tech­nical lan­guage poten­tially being alarmed by a secur­ity alert and per­haps sub­sequently hav­ing to change secur­ity set­tings is of course undesir­able. This would after all work against any over­all pos­it­ive effect of an effi­cient and intu­it­ive form design.

Are Reader X’s secur­ity set­tings – Reader cur­rently being the only soft­ware to fully ful­fil dynamic func­tion­al­ity in PDF forms  com­pat­ible with LiveCycle, the very soft­ware used to cre­ate the forms? Although of course advance­ments in secur­ity are always wel­come, if there was an incom­pat­ib­il­ity, it seemed curi­ous how Adobe was plan­ning for the future, let alone mar­ket­ing their own products. And of course although it’s one thing for an organ­isa­tion to con­form to cer­tain secur­ity stand­ards and to con­trol secur­ity set­tings in their own cop­ies of Reader, would any form user poten­tially be con­fron­ted by an alert that their form lacked func­tion­al­ity? Clar­ity was needed.

An answer

Now, it would be unfair to accuse Adobe of being the sole per­pet­rator of ques­tion­able tele­phone sup­port – more on that at another time (you know who you are, Quark XPress). How­ever sev­eral tele­phone con­ver­sa­tions with Adobe tech­nical sup­port pro­duced only closed answers and frus­tra­tion, and no answers to requests for fur­ther inform­a­tion on Adobe’s blogs and product pages.

As an altern­at­ive way to find­ing answers, I thought I’d try the people who’d know, Adobe’s Product Secur­ity Incid­ent Response Team (PSIRT) – and on the same day had a response from the man him­self – the author of many online art­icles on Reader’s secur­ity, Adobe Reader’s Group Product Man­ager Steve Got­tw­als. After a couple of emails he kindly offered to call me from the States a few days later (and was I pleased that Pacific Time didn’t neces­sit­ate an oblig­at­ory steady sup­ply of caf­feine at an ungodly hour).

First, Steve was able to inform me of devel­op­ments to the new secur­ity model which we can expect to be rolled out this month, remov­ing ambi­gu­ity on the sub­ject. Essen­tially, with the update to Reader X, the afore­men­tioned should no longer be an issue, with enhanced options and Pro­tec­ted Mode provid­ing an intel­li­gent layer of secur­ity that allows the JavaS­cript events found in dynamic PDF forms but blocks poten­tially mali­cious code.

But I would also like to use this oppor­tun­ity to relate how thor­oughly impressed I was with Steve’s response. After spend­ing so long, unsuc­cess­fully, to con­tact the right per­son through Adobe’s usual chan­nels, for the Product Man­ager – and a very nice man to boot – to take a few minutes out of his work­ing day left a very good impres­sion. An example I thought.

Graphic design, News

New look for The Independent

On pick­ing up an i today, I was unsettled by the usual ref­er­ence to The Inde­pend­ent on the ver­tical masthead - which looked strangely dif­fer­ent. On closer inspec­tion (a second trip to the news­agent) it does indeed seem that The Indy has gone for a bit of a change - gone is the well-known didone masthead, and in is a sanserif.

New Independent front page

New look for The Independent’s front page

Fol­low­ing the evol­u­tion of the paper to a com­pact format and a more European feel, the Indy now presents itself as … well, a red top. The new masthead is one big con­trast to the pre­vi­ous, how­ever doesn’t feel out of place at all with the design of the interior, fol­low­ing the pre­vi­ous design, espe­cially in typo­graphy. The new cover has a well-considered lay­out and cer­tainly stands out, but does it loose a little of the poise and pos­i­tion of the pre­vi­ous design? It’s an inter­est­ing change, espe­cially con­sid­er­ing it’s place in the mar­ket against [little] sis­ter i paper. The Guardian’s no doubt jumped-at blog art­icle on the change.