[
https://issues.apache.org/jira/browse/PDFBOX-4155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16843393#comment-16843393
]
Andreas Lehmkühler commented on PDFBOX-4155:
--------------------------------------------
We don't need a CLA as the code is licensed under the Apache License v2.0. We
should mentioned the origin in the NOTICE file.
BTW: Tom is using a wrong variant of the header as I assume that he just want
to use the license but didn't licensed it to the ASF. Just a nitpicking detail,
I'm going to contact him
> Password Security with Unicode needs SASLprep
> ---------------------------------------------
>
> Key: PDFBOX-4155
> URL: https://issues.apache.org/jira/browse/PDFBOX-4155
> Project: PDFBox
> Issue Type: Bug
> Components: Crypto
> Affects Versions: 2.0.8
> Reporter: Marc Kaufman
> Priority: Minor
> Labels: security
> Attachments: SASLPrep example.pdf
>
>
> Standard Security handler for Version 6 (AES256) handles Unicode passwords.
> However the current handler is missing this part:
> "The UTF-8 password string shall be generated from Unicode input by
> processing the input string with the SASLprep (RFC 4013) profile of
> stringprep (RFC 3454) using the Normalize and BiDi options, and then
> converting to a UTF-8 representation."
> SASLprep is required to normalize equivalent codings for complex glyphs (such
> as those using umlauts, etc).
> pdmodel/encryption/StandardSecurityHandler.java
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
