Posted to dev@pdfbox.apache.org by "Aleksandr Beliakov (Jira)" <ji...@apache.org> on 2022/10/25 13:56:00 UTC

[jira] [Created] (PDFBOX-5533) Store password from PDF document in a byte array

Aleksandr Beliakov created PDFBOX-5533:
------------------------------------------

             Summary: Store password from PDF document in a byte array
                 Key: PDFBOX-5533
                 URL: https://issues.apache.org/jira/browse/PDFBOX-5533
             Project: PDFBox
          Issue Type: Improvement
    Affects Versions: 2.0.27
            Reporter: Aleksandr Beliakov


Hello,

I would like to propose a security improvement regarding storing and handling a provided user-password when opening a protected PDF document.
Currently the class [COSParser|https://github.com/apache/pdfbox/blob/2.0.27/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/COSParser.java#L98] stores the password as a String object, which is not the best practice.

The problem is that sensitive data (such as passwords) stored in memory can be leaked if it is stored in a managed String object. String objects are not pinned, so the garbage collector can relocate these objects at will and leave several copies in memory. These objects are not encrypted by default, so anyone that can read the process' memory will be able to see the contents. Furthermore, if the process' memory gets swapped out to disk, the unencrypted contents of the string will be written to a swap file. Lastly, since String objects are immutable, removing the value of a String from memory can only be done by the CLR garbage collector.

Therefore, it would be preferable to handle all user-passwords as a byte[] or char[] array instead of String, which can be cleared after use. You may also see that when passing a password to JDK classes, the password is converted to an array of characters (e.g. [here|https://github.com/apache/pdfbox/blob/2.0.27/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/COSParser.java#L2979]).

 

To avoid unnecessary transformations and improve security, it would be good to handle all passwords as an array starting from the [PDDocument.load(...)|https://github.com/apache/pdfbox/blob/2.0.27/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/PDDocument.java#L1030] method(s).

For backward compatibility, you may keep the old constructors and methods.

Thank you for your nice job!

Best regards,

Aleksandr.
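The handling pattern the ticket argues for, shown as an added example that is not PDFBox code and not the reporter's: the password travels as a char[] the caller owns, is converted to bytes through a buffer we control rather than through an intermediate String, and every temporary copy is zeroed in a finally block. `deriveKey` is a hypothetical stand-in for the library's decryption setup (a plain SHA-256 digest here, not the PDF standard security handler's algorithm), and UTF-8 is an assumed encoding; the class and method names are invented for the example.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

/**
 * Added example of char[]-based password handling. Not PDFBox code;
 * deriveKey is a hypothetical stand-in for the library's decryption setup.
 */
public final class ArrayPasswordExample {

    /** Hypothetical decryptor entry point: needs the password bytes only long enough
     *  to derive a key and must not keep a reference to the array it was given. */
    static byte[] deriveKey(byte[] passwordBytes) throws NoSuchAlgorithmException {
        return MessageDigest.getInstance("SHA-256").digest(passwordBytes);
    }

    /**
     * Preferred entry point: the caller owns a char[] it can wipe afterwards.
     * The conversion goes through CharBuffer/ByteBuffer so the intermediate byte[]
     * stays under our control and can be zeroed, instead of
     * new String(password).getBytes(...), which would leave an immutable copy on the heap.
     * Encoding assumption: UTF-8; a real security handler dictates its own encoding.
     */
    static byte[] deriveKeyFromChars(char[] password) throws NoSuchAlgorithmException {
        ByteBuffer encoded = StandardCharsets.UTF_8.encode(CharBuffer.wrap(password));
        byte[] passwordBytes = new byte[encoded.remaining()];
        encoded.get(passwordBytes);
        try {
            return deriveKey(passwordBytes);
        } finally {
            Arrays.fill(passwordBytes, (byte) 0);      // wipe our copy
            if (encoded.hasArray()) {                   // and the encoder's heap-backed buffer
                Arrays.fill(encoded.array(), (byte) 0);
            }
        }
    }

    /** Legacy String overload kept for backward compatibility, as the ticket suggests.
     *  The String itself cannot be wiped; only the temporary char[] made from it can. */
    static byte[] deriveKeyFromString(String password) throws NoSuchAlgorithmException {
        char[] chars = password.toCharArray();
        try {
            return deriveKeyFromChars(chars);
        } finally {
            Arrays.fill(chars, '\0');
        }
    }

    /** True when every element of the array has been zeroed. */
    static boolean isWiped(char[] chars) {
        for (char c : chars) {
            if (c != '\0') {
                return false;
            }
        }
        return true;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample. In real code the chars would come from e.g.
        // System.console().readPassword(), which already returns a char[].
        char[] password = {'s', '3', 'c', 'r', 'e', 't'};
        byte[] key = deriveKeyFromChars(password);
        Arrays.fill(password, '\0');   // caller clears its own copy once the document is open
        System.out.println("key length: " + key.length);       // 32 for SHA-256
        System.out.println("password wiped: " + isWiped(password)); // true
    }
}
```

The point of the two overloads is the compatibility shape the ticket describes: existing callers keep passing a String, but the array-based path is the primary one, and the String overload is reduced to a thin adapter whose only unavoidable residue is the caller's own String. Zeroing is best-effort on a managed heap (the garbage collector may already have moved the array), which is why the window in which the bytes exist should be as short as the try/finally makes it.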
