dslreports logo
    All Forums Hot Topics Gallery


Search Topic:
share rss forum feed

Built for Speed
Fort Wayne, IN
·Frontier Communi..

1 recommendation

reply to Cronk

Re: Open a pdf in browser vs in application

said by Cronk:


said by Blackbird:

..using a plug-in (which in turn invokes the application program itself) within the browser add two more layers of potential security vulnerability ahead of the app alone.

although I can't say I understand the two layers he refers to. Does opening it in the browser create the possibility that the exploit will be able to poke for vulnerabilities in the browser, that would otherwise not have been exploitable if the pdf was opened in the application?

The browser must communicate with the plug-in and the plug-in communicates with its related app which then ostensibly communicates with the target file. Those extra two layers of data exchange and interface with the OS (browser/plugin and plugin/app) establish at least the possibility for things like unchecked buffer overflows plus who-knows-what other possible hiccups that some creative hackers might discover. Even if the app itself is airtight, there are two added levels for mischief to occur when viewing through the browser... though that's not to say both added levels are equally vulnerable or are easy to code an exploit for. But they do stand as added code that can be messed with... and I prefer to keep all that to a minimum by simply downloading the file, scanning it several ways, and opening it directly with the app of choice.
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville


OK thanks.