Secure Uploading of Data !!!

 
Greenhorn
Posts: 28
Dear All,

I am working on an application where some very secured
data is uploaded by the client using the application UI (developed using
JSP + Servlets + O'Reilly upload).
What are the possibilities that this data can be hacked by
a hacker?
If possible, then what can be a secure way of uploading such
data?
Can a solution of encrypting a file containing the data and then
decrypting the file before inserting into the DB be right?

Any clue will be helpful.

Thanks and Regards
Dushyant Bhardwaj
 
Bartender
Posts: 9626
Security is an extremely complex issue. The most secure system would be sealed inside a concrete block with no input or output. Most "computer security" problems are actually "social engineering" problems, where some cracker (not "hacker") asks a gullible employee for their user name and password or physical access to their computer.

However, in your case, using HTTP to upload a file, you do have a security problem because HTTP will carry the data as plain text across the network. It is fairly trivial to place a network traffic sniffer along the route of the data and recover it.

You have a couple of options. You could encrypt the data file before it is sent. If you use a symmetric encryption scheme (the encryption key and decryption key are the same, like DES), then the key on the client may be compromised by a cracker. More secure is public-private key encryption (i.e. Diffie-Hellman) where the client uses a public key which cannot decode the encoded message. In your case, I'd look at using HTTPS if you have a web server that supports it. HTTPS uses public-private key encryption to encode HTTP requests and responses.
 
Dushyant Bhardwaj
Greenhorn
Posts: 28
Dear Joe,
Thanks for your quick response.
Now I have further queries on this:
1. In approach one, you mean I'll first encrypt a file
and then upload the file. Since I'm not copying this file
to some physical location on the app server (I'm reading the file from
the ServletInputStream line by line and inserting into the DB), does that
mean I have to decrypt my info line by line?
Which I think would be a costly operation.

2. On the second approach: I'm using Oracle 9i app server and
it does support HTTPS also.
But I would like to use HTTPS for upload only, otherwise my
whole application would unnecessarily suffer.
How can I do the same?

Thanks & Regards
Dushyant Bhardwaj
 
Joe Ess
Bartender
Posts: 9626

Originally posted by Dushyant Bhardwaj:
does that mean I have to decrypt my info line by line. Which I think would be a costly operation.


You can always save and decrypt a temporary file or use buffering to decode a chunk at a time, then work on lines within the chunk. As for how costly these operations are, there's only one way to be sure. Implement, benchmark, repeat.


2. But I would like to use HTTPS for upload only, otherwise my
whole application would unnecessarily suffer.


HTTPS, like HTTP, is a request-response protocol. There's no way I know of to do HTTPS on the upload, then HTTP on the download. I doubt if you would notice the difference between HTTP and HTTPS if you have reasonable hardware.
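
The chunk-at-a-time decryption suggested in the reply above, as an added example that is not code from the thread: each chunk is sealed with AES-GCM under its own counter nonce, so the servlet can verify and decrypt it independently and carry a partial line over to the next chunk. The class and method names, the length-prefixed framing, the chunk size limit and the pre-shared key are all assumptions made for illustration.

```java
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import java.io.*;
import java.nio.ByteBuffer;
import java.util.function.Consumer;
public class ChunkedUpload {
    static final int MAX_CHUNK = 64 * 1024 + 16;   // assumed limit: 64 KiB of data + 16-byte GCM tag
    // Nonce = 4 zero bytes + chunk counter; unique only if each key protects a single upload.
    static Cipher cipher(int mode, SecretKey key, long chunkNo) throws Exception {
        byte[] nonce = ByteBuffer.allocate(12).putInt(0).putLong(chunkNo).array();
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, nonce));
        return c;
    }
    // Client side: seal fixed-size chunks, each framed as [4-byte length][ciphertext + tag].
    static byte[] encrypt(SecretKey key, byte[] plain, int chunkSize) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(buf);
        for (int off = 0, n = 0; off < plain.length; off += chunkSize, n++) {
            int len = Math.min(chunkSize, plain.length - off);
            byte[] ct = cipher(Cipher.ENCRYPT_MODE, key, n).doFinal(plain, off, len);
            out.writeInt(ct.length);
            out.write(ct);
        }
        return buf.toByteArray();
    }
    // Server side: verify and decrypt one chunk at a time; no temporary file is written.
    static void decryptLines(SecretKey key, InputStream in, Consumer<String> sink) throws Exception {
        DataInputStream data = new DataInputStream(in);
        ByteArrayOutputStream line = new ByteArrayOutputStream();   // partial line carried across chunks
        for (long n = 0; ; n++) {
            int len;
            try { len = data.readInt(); } catch (EOFException end) { break; }
            if (len < 16 || len > MAX_CHUNK) throw new IOException("bad chunk length " + len);
            byte[] ct = new byte[len];
            data.readFully(ct);
            // doFinal throws AEADBadTagException if a chunk was modified or reordered
            for (byte b : cipher(Cipher.DECRYPT_MODE, key, n).doFinal(ct)) {
                if (b == '\n') { sink.accept(line.toString("UTF-8")); line.reset(); } else line.write(b);
            }
        }
        if (line.size() > 0) sink.accept(line.toString("UTF-8"));
    }
    public static void main(String[] args) throws Exception {
        SecretKey key = KeyGenerator.getInstance("AES").generateKey();
        // Constructed sample data; 16-byte chunks force lines to straddle chunk boundaries.
        byte[] upload = encrypt(key, "id=1,name=alice\nid=2,name=bob\n".getBytes("UTF-8"), 16);
        decryptLines(key, new ByteArrayInputStream(upload), System.out::println);
    }
}
```

In a servlet the `InputStream` would be the request body and the sink would do the database insert. This framing does not detect whole chunks dropped from the end of the upload, and reusing one key for several uploads would repeat nonces.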