• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

secure file uploading with apache commons fileuploading

 
Ranch Hand
Posts: 143
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I am using apache commons fileupload to let users to upload their files to a web site. The web site itself is using https protol, so that the file is securely uploade through the internet using the HTML form based uploading process. However, when the file lands on the hard disk of the web server, it is unencrypted.

My question is that, if my web site is compromised by some attacker, these files will be exposed to the attacker, is there a way to do the follows:

1) Make the landed file to be encrypted when it is landing (even for the temporary file that the fileuploading process written during the file upload process).

2) Is there any other alternative approach to achieve this, e.g. another libary I can use to make the downloaded file always to be encrypted?


I can alway encrypt the file after the whole file is landed, but this is not desired. Since the temporary file written by the file uploading process is not encrypted.Also there is a delay between the landing of the whole file and the start of the encryption process.


Thanks,

David
 
Rancher
Posts: 43081
77
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Please don't post the same question to multiple forums. Let's continue the discussion in the duplicate post in the Security forum, where I'll post an answer shortly.
reply
    Bookmark Topic Watch Topic
  • New Topic