Comments on: PDF Security in SharePoint 2010

By: jbooker

jbooker — Fri, 29 Jul 2011 12:48:52 +0000

Julian,

I agree about security. As you point out, adding inline MIME types is preferred. That said, I do wonder how responsible it its (usability-wise) for MS not to have provided a secure viwer for O365.

I did this in response to the overwelming user demand and underwhelming MS response for a solution to open PDFs in the browser in O365. In my opinion, MS should have provided a secure viewer before now. Especially because they have a silverlight XPSPDF viewer already on docs.com.

I know some may feel differently, but to me, usability trumps the risk when it comes to pdfs in the browser.
Plus I will add for those who feel safe with the Browser File Handling set to strict, the fact that you can by-pass the ”noopen” header like this proves it”s really not so strict.

Thanks for looking,
Josh

By: Julian

Julian — Thu, 28 Jul 2011 19:20:28 +0000

Interesting workaround Josh.
I do wonder how responsible (security-wise) it is to use javascript to work around an intentional security protection method though.
In an on-premise situation you”d be better off sticking with the Inline Download Exclusion method, but in O365 you don”t have that option yet, so your workaround would indeed be useful.

Rgds
JB

By: jbooker

jbooker — Thu, 28 Jul 2011 14:57:11 +0000

You can work around the Strict Browser File Handling by embeding the pdf in the page like this:

http://joshuabooker.com/Documents/pdf.aspx?file=browserfilehandling.pdf

The above is a PDF file in the browser from my Office365 site even though browser file handling is set to strict.

HTH,
Josh