The Acrobat family of products have a notion of trusted documents and other documents (documents that have not been trusted). For the purposes of multimedia playback, every document will exist in one category or the other. For this reason there are two sets of trust options in the Multimedia Trust panel--one for documents that are trusted and one for documents that are not. In order to understand multimedia behavior then, you need to know whether or not a document is trusted so that you can determine which set of options for multimedia playback will be used.
There are two ways a document can become trusted:
It can be signed with a valid certification signature, and you have trusted the signer’s certificate for
Acrobat Family of Products External Content and Document Security
Security Feature User Guide Configuring Multimedia Trust Preferences 99
If your multimedia trust preferences result in a prompt asking whether you want to play multimedia,
the Manage Trust for Multimedia Content dialog will offer various options that may allow you to trust the document.
Figure 78 Manage Trust for Multimedia Content dialog
Once a document is trusted, it is added to the Trusted Document list and will always use the preferences set for trusted documents. You can clear this list by selecting Clear in the Multimedia Trust panel (Figure 80).
Caution:Membership on the trusted document list is permanent until the list is manually cleared. Therefore, once a document is on that list, changing the certificate trust level to disallow dynamic content will have not effect.
Figure 79 Multimedia behavior workflow
8.2.1 Configuring Multimedia Trust Preferences
Controlling multimedia behavior in documents begins with specifying preferences for trusted documents and other documents.
Acrobat Family of Products External Content and Document Security
Security Feature User Guide Controlling Multimedia in Certified Documents 100
1. Open the Multimedia Trust Manager:
Acrobat and Adobe Reader (Windows): Edit > Preferences > Multimedia Trust
Acrobat and Adobe Reader (Macintosh): (Application) > Preferences > Multimedia Trust
Figure 80 Multimedia Trust (legacy)
2. From the Display Permissions for radio buttons, choose Trusted documents or Non-trusted documents. The Trust Manager displays the selected trust preferences (Figure 80).
3. Configure the Trust Options panel:
1. Check or uncheck Allow multimedia operations.
2. Set multimedia player permissions as follows: Select the player in the list and select an option from the Change permission for selected multimedia player to drop-down list:
Always: The player is used without prompting. Never: Prevents the player from being used.
Prompt: Prompts the user to enable the player when a media clip tries to use that player.
3. Select one or more of the playback options:
Allow playback in floating window with no title bars: Opens the media in a separate window
without a title bar.
Allow document to set title text in a floating-playback window: Opens the media in a
separate window with a title bar.
Allow playback in full-screen window: Opens the media in full-screen mode.
Note: Membership on the trusted document list is permanent until the list is manually cleared. Choose Clear to remove all documents from that list.
4. Choose OK.
8.2.2 Controlling Multimedia in Certified Documents
Note: Multimedia and other dynamic content poses a security risk because it could potentially change the document’s appearance or allow security holes in multimedia players to adversely impact
Acrobat Family of Products External Content and Document Security
Security Feature User Guide Setting JavaScript Options 101
your system. Participants in certification workflows should consider the source of the document and the security of the workflow before enabling dynamic content.
Whether dynamic content executes in certified documents based on the Trusted Document or Other Document settings depends on two items under your control:
You can configure a certified document to use the trusted document settings on a per-certificate basis
or by using trust anchors. If a signer’s certificate chains up to another certificate (a trust anchor) that allows multimedia, then multimedia will run in that certified document. For example, some enterprises may issue a MyCompany certificate that allows dynamic content. If all employee certificates use MyCompany as a trust anchor, then they can send and receive certified documents within the company that could contain working multimedia.
If the certificate trust settings allow dynamic content, the Multimedia Trust Manager’s Trusted
documents settings are used.
If the certificate trust settings do not allow dynamic content, the Trust Manager’s Other
Documents settings are used, UNLESS the document has already been added to the trusted documents list.
You can configure a certified document to always use the trusted document settings regardless of
certificate trust levels by adding it to the Trusted Documents list.
For details about setting certificate trust, see “Setting Certificate Trust” on page 37.
Preventing Multimedia Playback in Certified Documents
To prevent dynamic content from playing in any certified document do one of the following:
Never allow multimedia: Uncheck Allow multimedia operations in the Trust Options panel for both
trusted and untrusted documents as described in “Configuring Multimedia Trust Preferences” on page 99.
Never allow multimedia for untrusted documents: Never trust any certificate for dynamic content and
clear your trusted document list. Then configure your Other Document multimedia settings to Never or Prompt.
Note: There is no way to guarantee that multimedia won’t play based on the trusted document list and certificate trust level alone. Application preferences always override these features.