how to secure the file uploading process using form-based upload

D

david wolf

Hi,

I am using apache commns fileupload to let users to upload their files
to a web site. The web site itself is using https protol, so that the
file is securely uploade through the internet using the HTML form based
uploading process. However, when the file lands on the hard disk of the
web server, it is unencrypted.

My question is that, if my web site is compromised by some attacker,
these files will be exposed to the attacker, is there a way to do the
follows:

1) Make the landed file to be encrypted when it is landing (even for
the temporary file that the fileuploading process written during the
file upload process).

2) Is there any other alternative approach to achieve this, e.g.
another libary I can use to make the downloaded file always to be
encrypted?

Thanks,

David
 
O

Oliver Wong

david wolf said:
Hi,

I am using apache commns fileupload to let users to upload their files
to a web site. The web site itself is using https protol, so that the
file is securely uploade through the internet using the HTML form based
uploading process. However, when the file lands on the hard disk of the
web server, it is unencrypted.

My question is that, if my web site is compromised by some attacker,
these files will be exposed to the attacker, is there a way to do the
follows:

1) Make the landed file to be encrypted when it is landing (even for
the temporary file that the fileuploading process written during the
file upload process).

2) Is there any other alternative approach to achieve this, e.g.
another libary I can use to make the downloaded file always to be
encrypted?

How about having the client encrypt the file before uploading it?

- Oliver
 
O

Oliver Wong

david wolf said:
It is not feasible to let the client encrypt our file. Any other
suggestions?

I think if your server is compromised by attackers, there is nothing you
can do on the server side to prevent access to data uploaded to that server.

- Oliver
 
B

Babu Kalakrishnan

david said:
I am using apache commns fileupload to let users to upload their files
to a web site. The web site itself is using https protol, so that the
file is securely uploade through the internet using the HTML form based
uploading process. However, when the file lands on the hard disk of the
web server, it is unencrypted.

My question is that, if my web site is compromised by some attacker,
these files will be exposed to the attacker, is there a way to do the
follows:

1) Make the landed file to be encrypted when it is landing (even for
the temporary file that the fileuploading process written during the
file upload process).

2) Is there any other alternative approach to achieve this, e.g.
another libary I can use to make the downloaded file always to be
encrypted?

You could have the server side code perform encryption of the file data
before it is written out to disk. The crypto implementation classes
provided in JDK 1.4+ should be adequate for this purpose.

As for temporary files being exposed, I'm not that familiar with the
Apache FileUpload API - but you could check if some way of accessing the
incoming file data as a stream is available that does not involve
creating temporary files - If it is, then you could perform on the fly
encryption on the stream, and the data would never appear on disk in its
unencrypted form.

BK
 
O

Oliver Wong

Babu Kalakrishnan said:
david said:
I am using apache commns fileupload to let users to upload their files
to a web site. The web site itself is using https protol, so that the
file is securely uploade through the internet using the HTML form based
uploading process. However, when the file lands on the hard disk of the
web server, it is unencrypted.

My question is that, if my web site is compromised by some attacker,
these files will be exposed to the attacker, is there a way to do the
follows:
[...]
As for temporary files being exposed, I'm not that familiar with the
Apache FileUpload API - but you could check if some way of accessing the
incoming file data as a stream is available that does not involve creating
temporary files - If it is, then you could perform on the fly encryption
on the stream, and the data would never appear on disk in its unencrypted
form.

Well, the data might appear inside of the OS swap file...

- Oliver
 
B

Babu Kalakrishnan

Oliver said:
david said:
I am using apache commns fileupload to let users to upload their files
to a web site. The web site itself is using https protol, so that the
file is securely uploade through the internet using the HTML form based
uploading process. However, when the file lands on the hard disk of the
web server, it is unencrypted.

My question is that, if my web site is compromised by some attacker,
these files will be exposed to the attacker, is there a way to do the
follows:
[...]

As for temporary files being exposed, I'm not that familiar with the
Apache FileUpload API - but you could check if some way of accessing
the incoming file data as a stream is available that does not involve
creating temporary files - If it is, then you could perform on the fly
encryption on the stream, and the data would never appear on disk in
its unencrypted form.


Well, the data might appear inside of the OS swap file...

Still worse, the hacker could replace the servlet code with his own
version that writes out an unencrypted copy of the file. :) So he
doesn't have to really depend on whether the OS uses swap files or not.

BK
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,482
Members
44,901
Latest member
Noble71S45

Latest Threads

Top