Uploaded image for project: 'DSpace'
  1. DSpace
  2. DS-4399

pdfbox and encrypted PDFs

    XMLWordPrintable

    Details

    • Attachments:
      0
    • Comments:
      0
    • Documentation Status:
      Not Required

      Description

      I just noticed that when pdfbox was upgraded due to a security advisory, its optional dependency enabling access to encrypted documents was also removed from DSpace:

      https://github.com/DSpace/DSpace/commit/59f55180d3ac06a24acf62fca5b084e2a163d43f

      The rationale given in the commit message is "Remove BouncyCastle optional dependency (DSpace doesn't support encrypted PDFs)" with no associated Jira issue.

      I think this may be misguided, but I'm not 100% sure and it requires a bit of verification.

      If I remember correctly, you can have an encrypted PDF that is nonetheless completely readable without a password, so it could be indexed or a thumbnail generated. It's just printing / text selection / editing that may be disallowed. A quick search confirms my hunch:

      https://stackoverflow.com/questions/39571878/pdfbox-returns-isencrypted-true-even-if-i-can-open-file

      So I'm leaving this issue as a reminder to verify this before release.

       

      PS: Actually I have found more info, it just wasn't mentioned in the commit:

      https://jira.lyrasis.org/browse/DS-2375

      https://github.com/DSpace/DSpace/pull/2425

       

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              helix84 Ivan Masár
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated: