PDF safety

Moderator: kcleung

Postby aoq » Mon Apr 16, 2012 5:17 am

How does IMSLP make sure that uploaded PDFs don't hold exploits inside? After all, malicious PDFs were how the first iPhones got jailbroken, and some PDF readers will run embedded JavaScript. (Well, not the ones I use, but still.)

A search of the forum didn't turn up anything, but I am curious as a user. Thank you.
aoq
 
Posts: 1
Joined: Mon Apr 16, 2012 5:05 am

Re: PDF safety

Postby daphnis » Sun Apr 22, 2012 9:39 pm

It's a valid question, and the present answer is that we don't. It'd probably be worth investigating some MediaWiki plug-in that examines uploaded PDFs for any sort of code. If any is found, the upload should be blocked. I can't think of a valid reason why any submitted PDFs need include such code.
daphnis
Copyright Reviewer
 
Posts: 1498
Joined: Thu May 17, 2007 7:15 pm

Re: PDF safety

Postby Choralia » Mon Apr 23, 2012 11:27 am

At CPDL (http://www.cpdl.org) we analyzed this subject for scores hosted on our servers. According to http://blog.didierstevens.com/programs/pdf-tools/ most suspicious PDF files may be identified if they include both /AA and /OpenAction statements, as they indicate an automatic action to be performed when the page/document is viewed.

I intended to implement a script that performs this check for all CPDL files. Unfortunately, this activity has been in my pipeline for a long time... :oops: Anyway, I'm ready to share it with IMSLP when ready.

Max
Choralia
Site Admin
 
Posts: 411
Joined: Fri Aug 28, 2009 9:08 pm
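
An upload-time keyword check of the kind discussed in this thread, as an added example; it is not Choralia's planned script and not code from pdf-tools. The function names and the block-on-any-hit policy are assumptions, and because it scans raw bytes it does not see names stored inside compressed object streams.

```python
import re
import sys

# Name tokens for automatic actions and embedded script.
KEYWORDS = ("/OpenAction", "/AA", "/JavaScript", "/JS")

# A PDF name: "/" followed by characters up to whitespace or a delimiter.
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed sample inputs (fragments, not complete PDFs).
CLEAN = b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /AAPL:Keywords [] >>\nendobj\n"
AUTO = (b"1 0 obj\n<< /Type /Catalog /OpenAction 5 0 R >>\nendobj\n"
        b"5 0 obj\n<< /S /JavaScript /JS (placeholder) >>\nendobj\n")
ESCAPED = b"1 0 obj\n<< /Open#41ction 5 0 R /J#53 (placeholder) >>\nendobj\n"


def normalize_name(raw: bytes) -> str:
    """Decode #xx escapes so /Open#41ction compares equal to /OpenAction."""
    decoded = HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def count_keywords(data: bytes) -> dict:
    """Count whole name tokens, so /AAPL:Keywords is not mistaken for /AA."""
    counts = {k: 0 for k in KEYWORDS}
    for match in NAME_RE.finditer(data):
        name = normalize_name(match.group(0))
        if name in counts:
            counts[name] += 1
    return counts


def should_block(data: bytes) -> bool:
    """Assumed policy: reject the upload if any keyword is present."""
    return any(count_keywords(data).values())


if __name__ == "__main__":
    # Usage: python check_pdf.py score1.pdf score2.pdf ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            data = fh.read()
        verdict = "BLOCK" if should_block(data) else "ok"
        print(f"{verdict}\t{path}\t{count_keywords(data)}")
```
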

