Question
Ford
US
Last activity: 11 Jun 2024 10:19 EDT
Any Pega documentation on how the clipboard data is isolated and protected?
Our Cyber Security team is asking questions about the clipboard in Pega. How it is used as temporary storage, what potentially has access to it. and if for some reason there was malicious codes what protections are in place to isolate that and prevent it from doing anything harmful to the system. I think they are looking for assurances that won't be an attack vector that can be used to compromise the system. Are there any docs that I can use to put their mind at ease? Any links on the Pega site that go into detail on security that I can reference?
Thank You.
Accepted Solution
Updated: 24 Jun 2024 10:21 EDT
Maantic Inc
IN
The clipboard tool is essentially to display data in memory. It presents data present in the heap memory. So it uses Pega's security, as such there is no such other security specific for clipboard. The way Pega handles security in its memory is essentially the same for clipboard.
HCL Technologies Limited
IN
Clipboard is debugging tool used by developers to test/debug if any issues. All data in clipboard(ie Application related data) that we see will be populated from database or any external source. As it is temporary storage , it would be active only when a instance/case or thread is opened. Once we close the case/instance or thread, all data in clipboard goes away. We can restrict giving access to clipboard to end users and only developers can use it.
Ford
US
@BalasubramaniamIt is my understanding that some of the Pega Mashup code for uploading files can leverage the clipboard to temporarily hold a file uploaded until it is dealt with. I believe the question/concern from Cyber Security is if that file image happened to represent any kind of executable code is there a way it can be invoked out of the clipboard or have something else that can read it and possibly execute it.
HCL Technologies Limited
IN
I dont think so there is a chance to execute any code out of the clipboard to my understanding. Please correct me if i am wrong.
Accepted Solution
Updated: 24 Jun 2024 10:21 EDT
Maantic Inc
IN
The clipboard tool is essentially to display data in memory. It presents data present in the heap memory. So it uses Pega's security, as such there is no such other security specific for clipboard. The way Pega handles security in its memory is essentially the same for clipboard.
Ford
US
@SohamM95 Thanks for the reply. Then I think that any docs that explain how Pega handles security for its memory would apply and if there are any documents like that, then I could provide those to the Cyber Security team.