Our Cyber Security team is asking questions about the clipboard in Pega: how it is used as temporary storage, what potentially has access to it, and, if for some reason there was malicious code, what protections are in place to isolate that and prevent it from doing anything harmful to the system. I think they are looking for assurances that it won’t be an attack vector that can be used to compromise the system. Are there any docs that I can use to put their mind at ease? Any links on the Pega site that go into detail on security that I can reference?
The Clipboard is a debugging tool used by developers to test/debug any issues. All data in the clipboard (i.e., application-related data) that we see will be populated from the database or any external source. As it is temporary storage, it would be active only when an instance/case or thread is opened. Once we close the case/instance or thread, all data in the clipboard goes away. We can restrict access to the clipboard for end users so that only developers can use it.
The clipboard tool essentially displays data in memory. It presents data present in heap memory. So it uses Pega’s security; as such, there is no other security specific to the clipboard. The way Pega handles security in its memory is essentially the same for the clipboard.
@Balasubramaniam It is my understanding that some of the Pega Mashup code for uploading files can leverage the clipboard to temporarily hold an uploaded file until it is dealt with. I believe the question/concern from Cyber Security is: if that file image happened to represent any kind of executable code, is there a way it can be invoked out of the clipboard, or could something else read it and possibly execute it?
@SohamM95 Thanks for the reply. Then I think that any docs that explain how Pega handles security for its memory would apply, and if there are any documents like that, I could provide those to the Cyber Security team.