pdfbox-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (PDFBOX-4155) Password Security with Unicode needs SASLprep
Date Sun, 02 Jun 2019 03:44:00 GMT

    [ https://issues.apache.org/jira/browse/PDFBOX-4155?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16853874#comment-16853874
] 

ASF subversion and git services commented on PDFBOX-4155:
---------------------------------------------------------

Commit 1860503 from Tilman Hausherr in branch 'pdfbox/branches/issue45'
[ https://svn.apache.org/r1860503 ]

PDFBOX-4155: SonarQube fix

> Password Security with Unicode needs SASLprep
> ---------------------------------------------
>
>                 Key: PDFBOX-4155
>                 URL: https://issues.apache.org/jira/browse/PDFBOX-4155
>             Project: PDFBox
>          Issue Type: Bug
>          Components: Crypto
>    Affects Versions: 2.0.8
>            Reporter: Marc Kaufman
>            Assignee: Tilman Hausherr
>            Priority: Minor
>              Labels: security
>             Fix For: 2.0.16, 3.0.0 PDFBox
>
>         Attachments: SASLPrep example.pdf
>
>
> Standard Security handler for Version 6 (AES256) handles Unicode passwords. However the
current handler is missing this part:
> "The UTF-8 password string shall be generated from Unicode input by processing the input
string with the SASLprep (RFC 4013) profile of stringprep (RFC 3454) using the Normalize and
BiDi options, and then converting to a UTF-8 representation."
> SASLprep is required to normalize equivalent codings for complex glyphs (such as those
using umlauts, etc).
> pdmodel/encryption/StandardSecurityHandler.java



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@pdfbox.apache.org
For additional commands, e-mail: dev-help@pdfbox.apache.org


Mime
View raw message