secure file uploading questions

Hi,

I am using apache commons fileupload to let users to upload their files to a web site. The web site itself is using https protol, so that the file is securely uploade through the internet using the HTML form based uploading process. However, when the file lands on the hard disk of the web server, it is unencrypted.

My question is that, if my web site is compromised by some attacker, these files will be exposed to the attacker, is there a way to do the follows:

1) Make the landed file to be encrypted when it is landing (even for the temporary file that the fileuploading process written during the file upload process).

2) Is there any other alternative approach to achieve this, e.g. another libary I can use to make the downloaded file always to be encrypted?


I can alway encrypt the file after the whole file is landed, but this is not desired. Since the temporary file written by the file uploading process is not encrypted.Also there is a delay between the landing of the whole file and the start of the encryption process.


Thanks,

David

If even the temp file should be encrypted, then you'll probably have to extend the upload package (servlet) to do so. That shouldn't be too hard, since there's not a lot of code, and it's heavily documented.