Aleksandr Beliakov created PDFBOX-5533:
------------------------------------------

             Summary: Store password from PDF document in a byte array
                 Key: PDFBOX-5533
                 URL: https://issues.apache.org/jira/browse/PDFBOX-5533
             Project: PDFBox
          Issue Type: Improvement
    Affects Versions: 2.0.27
            Reporter: Aleksandr Beliakov


Hello,

I would like to propose a security improvement regarding storing and handling a 
provided user-password when opening a protected PDF document.
Currently the class 
[COSParser|https://github.com/apache/pdfbox/blob/2.0.27/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/COSParser.java#L98]
stores the password as a String object, which is not the best practice.

The problem is that sensitive data (such as passwords) stored in memory can be 
leaked if it is stored in a managed String object. String objects are not 
pinned, so the garbage collector can relocate these objects at will and leave 
several copies in memory. These objects are not encrypted by default, so anyone 
who can read the process' memory will be able to see the contents. 
Furthermore, if the process' memory gets swapped out to disk, the unencrypted 
contents of the string will be written to a swap file. Lastly, since String 
objects are immutable, removing the value of a String from memory can only be 
done by the CLR garbage collector.


Therefore, it would be preferable to handle all user-passwords as a byte[] or 
char[] array instead of String, which can be cleared after use. You may 
also see that when passing a password to JDK classes, the password is converted 
to an array of characters (e.g. 
[here|https://github.com/apache/pdfbox/blob/2.0.27/pdfbox/src/main/java/org/apache/pdfbox/pdfparser/COSParser.java#L2979]).


To avoid unnecessary transformations and improve the security, it would be good 
to handle all passwords as an array starting from the 
[PDDocument.load(...)|https://github.com/apache/pdfbox/blob/2.0.27/pdfbox/src/main/java/org/apache/pdfbox/pdmodel/PDDocument.java#L1030]
method(s).


For backward compatibility, you may keep the old constructors and methods.


Thank you for your nice job!


Best regards,

Aleksandr.
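The handling pattern the ticket asks for, shown as an added example in Java (the project's language) that is not PDFBox code and not part of the original report. It assumes a hypothetical `PasswordConsumer` callback standing in for an array-accepting `load(...)` overload that PDFBox 2.0.27 does not have; the sample password is constructed inline. The point it demonstrates is that a `char[]` can be encoded to UTF-8 bytes without ever materialising a `String`, and that both the `char[]` and the `byte[]` can be zeroed in a `finally` block so no copy outlives the parse, even when opening the document fails.

```java
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

/**
 * Added example (not PDFBox code): handle a PDF user password as
 * char[]/byte[] that is wiped after use, instead of an immutable String.
 */
public final class PasswordArrayHandling {

    /** Encode a char[] password to UTF-8 bytes without creating a String. */
    static byte[] toBytes(char[] password) {
        ByteBuffer buf = StandardCharsets.UTF_8.encode(CharBuffer.wrap(password));
        byte[] bytes = new byte[buf.remaining()];
        buf.get(bytes);
        // The encoder's own heap buffer also holds the bytes; zero it so the
        // only remaining copy is the one we return and later wipe ourselves.
        if (buf.hasArray()) {
            Arrays.fill(buf.array(), (byte) 0);
        }
        return bytes;
    }

    /**
     * Hypothetical callback (assumption, not a PDFBox API): stands in for a
     * PDDocument.load(...) overload that would accept the password as an array.
     */
    interface PasswordConsumer {
        void open(byte[] passwordBytes) throws Exception;
    }

    /** Hand the password to the consumer and wipe every copy, even on failure. */
    static void withPassword(char[] password, PasswordConsumer consumer) throws Exception {
        byte[] bytes = toBytes(password);
        try {
            consumer.open(bytes);
        } finally {
            // Both arrays are mutable, so unlike a String they can be cleared
            // deterministically instead of waiting for garbage collection.
            Arrays.fill(bytes, (byte) 0);
            Arrays.fill(password, '\0');
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample password. In practice read it into a char[]
        // (e.g. System.console().readPassword()) rather than through a String,
        // otherwise an unclearable copy already exists before this code runs.
        char[] password = {'s', 'e', 'c', 'r', 'e', 't'};
        withPassword(password, bytes -> {
            // Here the bytes would be passed to the parser; only the length is shown.
            System.out.println("password bytes available: " + bytes.length);
        });
        // After the call the caller's array has been zeroed.
        System.out.println("wiped: " + Arrays.equals(password, new char[password.length]));
    }
}
```

Note that converting the other way, with `new String(chars)` or `String.getBytes()`, defeats the purpose because it creates exactly the immutable copy the ticket is trying to avoid; the array should travel unchanged from the caller down to the decryption routine.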



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
