Skip to main content
Version: 10.0

Security considerations

Security updates

webPDF is a Java-based server solution that runs on OpenJDK. We always use the LTS versions of OpenJDK from the Eclipse Temurin™ project. For the updates of webPDF we follow the update cycles of the OpenJDK. Currently, they are available about once a quarter.

As part of the OpenJDK updates, we also perform "Security Updates" of all libraries used by webPDF. In addition to these "security updates", (minor) enhancements/improvements to the product are also often made.

note

If there should be any "critical vulnerabilities" (e.g. "CVE" with "high priority") in the libraries used by the webPDF server, we will of course provide updates at short notice.

Encryption

Data

webPDF does not perform a general encryption of the installation or the directories and files. The protection of the system or storage medium resides on the side of the operating system. A listing of all directories and their meaning is available in the documentation.

Web service endpoints

The web service endpoints of the server can be encrypted using TLS. The TLS configuration of the HTTP endpoints should be done for the server.

caution

TLS encryption is not enabled in the default installation.

Passwords

All passwords that webPDF stores, e.g. for users, are stored encrypted in the data or configuration files.

Authorization

All web service endpoints require authorization for use. Such authorization can be provided by webPDF itself or by an external OAuth2 token. To obtain authorization from webPDF, authentication must be performed. This authentication can be done as "anonymous" or "named" login (login against a user-source).

An appropriate user source should be selected for the active operation of the server. It should also be noted that anonymous login should be disabled if necessary.

caution

In the default installation, anonymous login is enabled.

Data storage

The webPDF server is an application that is always installed "on premise" at the customer's site and does not send any data to external sources. All webPDF Server data resides locally on the IT system where webPDF was installed.

The server does not store any data or documents permanently. The documents processed by the web services are only present on the server during execution. All processing and caching of documents takes place in the "temp" folder of the server.

In addition, only logs are created, which contain, among other things, general (statistical) data about the processing.