Remove every metadata from the document

usernameisalreadyinuse · May 12, 2022, 2:58pm

Hello,
I’m having the same problem and I need to remove every metadata from the document because it is leaking information to a possible attacker.

I don’t want to show what library and version I’m using because that can be exploited to target specific known bugs of the platform (.NET) or the library.

Giving back to the client browser a PDF file that contains the text “Aspose.PDF for .NET 22.4.0” is cancelling all the effort that I put into removing every .NET reference in the rest of the output, like OWASP reccomends:

I can imagine that this is required in the free version but I do have a Developer OEM key so I was expecting to have no watermarks in the produced files.
Is this behaviour mentioned in the EULA / License? Do I have to pay an additional fee to have this watermark removed?

Thanks.

tahir.manzoor · May 12, 2022, 5:49pm

@usernameisalreadyinuse

Yes, you can remove the Application and Producer fields. Please check the following code example.

Document doc = new Document(MyDir + @"input.pdf");
doc.Info.Producer = "";
doc.Info.Creator = "";

doc.Save(MyDir + @"22.4.pdf");

usernameisalreadyinuse · May 16, 2022, 8:03am

Thanks, that seems to do the trick.

PS
I was unsure how to preserve the original Creator of the document because it was replaced during the Save call but this code (weirdly enough) is working:
document.Info.Creator = document.Info.Creator

tahir.manzoor · May 16, 2022, 2:02pm

@usernameisalreadyinuse

Thanks for your feedback. Your code is correct. You can use Info.Producer property to set or get the producer value.