From a JDK perspective you need to make sure you run with the
latest secure baseline update for your version; for more info see
http://www.oracle.com/technetwork/java/javase/overview/security-2043272.html

The rest is application architecture for which I don't think we can or should give advice. This is not a support channel. These lists are for people contributing source code to OpenJDK.

-phil.

On 5/29/17, 2:48 PM, Sergey Bylokhov wrote:
Hi,
The question is related to Java2D API and 2d-dev (cc).

----- timo.vander.sch...@globalrelay.net wrote:

Hi,

The front-end generates a base64 encoded image of a graph and sends it
to the backend, which uses it with pdfbox to create a pdf file.
Are there any security concerns, in particular with this line:
"BufferedImage bufImg = ImageIO.read(new ByteArrayInputStream(imageByte));"?

// Imports for the API used below (JAX-RS, ImageIO, PDFBox 1.x classes such as
// PDPixelMap/drawXObject, and the JDK-internal sun.misc.BASE64Decoder).
import java.awt.image.BufferedImage;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import javax.imageio.ImageIO;
import javax.ws.rs.Consumes;
import javax.ws.rs.POST;
import javax.ws.rs.Path;
import javax.ws.rs.core.MediaType;
import org.apache.pdfbox.pdmodel.PDDocument;
import org.apache.pdfbox.pdmodel.PDPage;
import org.apache.pdfbox.pdmodel.edit.PDPageContentStream;
import org.apache.pdfbox.pdmodel.font.PDFont;
import org.apache.pdfbox.pdmodel.font.PDType1Font;
import org.apache.pdfbox.pdmodel.graphics.xobject.PDPixelMap;
import org.apache.pdfbox.pdmodel.graphics.xobject.PDXObjectImage;
import sun.misc.BASE64Decoder;

@POST
@Consumes(MediaType.APPLICATION_JSON)
@Path("/pdfbox")
public void getChartsPdf(String base64ImageData) throws IOException {

    PDDocument doc = null;
    byte[] imageByte;
    // Strip the "data:image/...;base64," prefix sent by the browser.
    String base64Image = base64ImageData.split(",")[1];
    BASE64Decoder decoder = new BASE64Decoder();
    imageByte = decoder.decodeBuffer(base64Image);
    try {
        doc = new PDDocument();
        PDPage page = new PDPage();
        doc.addPage(page);
        PDFont font = PDType1Font.HELVETICA_BOLD;
        PDPageContentStream contentStream = new PDPageContentStream(doc, page);

        // Decode the client-supplied bytes into an image and wrap it as a PDF image object.
        BufferedImage bufImg = ImageIO.read(new ByteArrayInputStream(imageByte));
        PDXObjectImage ximage = new PDPixelMap(doc, bufImg);

        contentStream.beginText();
        contentStream.setFont(font, 12);
        contentStream.moveTextPositionByAmount(50, 700);
        contentStream.drawString("Timeline");
        contentStream.endText();
        // Draw the chart at half its pixel size.
        contentStream.drawXObject(ximage, 20, 500,
                ximage.getWidth() / 2, ximage.getHeight() / 2);
        contentStream.close();
        doc.save("testCharts.pdf");
    } catch (Exception e) {
        System.err.println(e.getMessage());
    } finally {
        if (doc != null) {
            doc.close();
        }
    }
}

Regards,

Timo
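A hardened version of the decoding step, added here as an illustration and not code from the thread: it replaces the JDK-internal sun.misc.BASE64Decoder with java.util.Base64, bounds the payload size, and checks the image format and header dimensions before ImageIO decodes any pixel data. The class name, limits and allowed formats are assumptions.

```java
import java.awt.image.BufferedImage;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.util.Base64;
import java.util.Iterator;
import java.util.Set;
import javax.imageio.ImageIO;
import javax.imageio.ImageReader;
import javax.imageio.stream.ImageInputStream;
/** Hypothetical helper: decodes an untrusted base64 image with size and format limits. */
public final class BoundedImageDecoder {
    // Constructed limits; tune them to the largest chart the front-end legitimately sends.
    private static final int MAX_ENCODED_CHARS = 2 * 1024 * 1024;
    private static final long MAX_PIXELS = 4000L * 4000L;
    private static final Set<String> ALLOWED_FORMATS = Set.of("png", "jpeg");
    public static BufferedImage decode(String dataUrl) throws IOException {
        if (dataUrl == null || dataUrl.length() > MAX_ENCODED_CHARS) {
            throw new IOException("image payload missing or too large");
        }
        // Accept an optional "data:image/png;base64," prefix instead of split(",")[1],
        // which throws ArrayIndexOutOfBoundsException when no comma is present.
        int comma = dataUrl.indexOf(',');
        String payload = comma >= 0 ? dataUrl.substring(comma + 1) : dataUrl;
        byte[] bytes;
        try {
            bytes = Base64.getMimeDecoder().decode(payload);
        } catch (IllegalArgumentException e) {
            throw new IOException("payload is not valid base64", e);
        }
        try (ImageInputStream iis = ImageIO.createImageInputStream(new ByteArrayInputStream(bytes))) {
            Iterator<ImageReader> readers = ImageIO.getImageReaders(iis);
            if (!readers.hasNext()) throw new IOException("unrecognised image format");
            ImageReader reader = readers.next();
            try {
                String format = reader.getFormatName().toLowerCase();
                if (!ALLOWED_FORMATS.contains(format)) throw new IOException("disallowed format: " + format);
                reader.setInput(iis, true, true);
                // Header-only check: width and height are read before any pixel data is decoded.
                long pixels = (long) reader.getWidth(0) * reader.getHeight(0);
                if (pixels > MAX_PIXELS) throw new IOException("image too large: " + pixels + " pixels");
                BufferedImage img = reader.read(0);
                if (img == null) throw new IOException("decoder returned no image");
                return img;
            } finally {
                reader.dispose();
            }
        }
    }
}
```

In the handler above, `BoundedImageDecoder.decode(base64ImageData)` would replace the BASE64Decoder and ImageIO.read lines, and the IOException it throws should be reported to the caller rather than swallowed.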
