Skip to main content
Version: 9.0

Security considerations

Security updates

webPDF is a Java-based server solution in version 9 running on the OpenJDK. We use the OpenJDK 11 LTS of the Eclipse Temurin™ project. For the updates of webPDF we follow the update cycles of the OpenJDK. Currently, they are available about once a quarter.

As part of the OpenJDK updates, we also perform "Security Updates" of all libraries used by webPDF. In addition to these "security updates", (minor) enhancements/improvements to the product are also often made.

note

If there are "critical vulnerabilities" (e.g. "CVE" with "High Priority") in the libraries used, we will of course provide short-term updates.

Encryption

Data

webPDF does not perform a general encryption of the installation or the directories and files. The protection of the system or storage medium resides on the side of the operating system. A listing of all directories and their meaning is available in the documentation.

Web service endpoints

The web service endpoints of the server can be encrypted using SSL/TLS. The SSL/TLS configuration of the HTTP endpoints should be done for the server.

caution

SSL/TLS encryption is not enabled in the default installation.

Passwords

All passwords that webPDF stores, e.g. for users, are stored encrypted in the data or configuration files.

Authorization

All web service endpoints require authorization for use. Such authorization can be provided by webPDF itself or by an external OAuth2 token. To obtain authorization from webPDF, authentication must be performed. This authentication can be done as "anonymous" or "named" login (login against a user-source).

An appropriate user source should be selected for the active operation of the server. It should also be noted that if necessary the Anonymous login should be disabled.

caution

In the default installation, anonymous login is enabled.

Data storage

The webPDF server is an application that is always installed "on premise" at the customer's site and does not send any data to external sources. All webPDF Server data resides locally on the IT system where webPDF was installed.

The server does not store any data or documents permanently. The documents processed by the web services are only present on the server during execution. All processing and caching of documents takes place in the "temp" folder of the server.

In addition, only logs are created, which contain, among other things, general (statistical) data about the processing.