how to secure the file uploading process using form-based upload

david wolf

Hi,

I am using Apache Commons FileUpload to let users upload their files
to a web site. The web site itself is using the https protocol, so that the
file is securely uploaded through the internet using the HTML form based
uploading process. However, when the file lands on the hard disk of the
web server, it is unencrypted.

My question is that, if my web site is compromised by some attacker,
these files will be exposed to the attacker. Is there a way to do the
following:

1) Make the landed file encrypted when it is landing (even for
the temporary file that the file uploading process writes during the
file upload process).

2) Is there any other alternative approach to achieve this, e.g.
another library I can use to make the downloaded file always
encrypted?

Thanks,

David
 
Oliver Wong

david wolf said:
Hi,

I am using Apache Commons FileUpload to let users upload their files
to a web site. The web site itself is using the https protocol, so that the
file is securely uploaded through the internet using the HTML form based
uploading process. However, when the file lands on the hard disk of the
web server, it is unencrypted.

My question is that, if my web site is compromised by some attacker,
these files will be exposed to the attacker. Is there a way to do the
following:

1) Make the landed file encrypted when it is landing (even for
the temporary file that the file uploading process writes during the
file upload process).

2) Is there any other alternative approach to achieve this, e.g.
another library I can use to make the downloaded file always
encrypted?

How about having the client encrypt the file before uploading it?

- Oliver
 
Oliver Wong

david wolf said:
It is not feasible to let the client encrypt our file. Any other
suggestions?

I think if your server is compromised by attackers, there is nothing you
can do on the server side to prevent access to data uploaded to that server.

- Oliver
 
Babu Kalakrishnan

david said:
I am using Apache Commons FileUpload to let users upload their files
to a web site. The web site itself is using the https protocol, so that the
file is securely uploaded through the internet using the HTML form based
uploading process. However, when the file lands on the hard disk of the
web server, it is unencrypted.

My question is that, if my web site is compromised by some attacker,
these files will be exposed to the attacker. Is there a way to do the
following:

1) Make the landed file encrypted when it is landing (even for
the temporary file that the file uploading process writes during the
file upload process).

2) Is there any other alternative approach to achieve this, e.g.
another library I can use to make the downloaded file always
encrypted?

You could have the server side code perform encryption of the file data
before it is written out to disk. The crypto implementation classes
provided in JDK 1.4+ should be adequate for this purpose.

As for temporary files being exposed, I'm not that familiar with the
Apache FileUpload API - but you could check if some way of accessing the
incoming file data as a stream is available that does not involve
creating temporary files - If it is, then you could perform on the fly
encryption on the stream, and the data would never appear on disk in its
unencrypted form.

BK
 
Oliver Wong

Babu Kalakrishnan said:
david said:
I am using Apache Commons FileUpload to let users upload their files
to a web site. The web site itself is using the https protocol, so that the
file is securely uploaded through the internet using the HTML form based
uploading process. However, when the file lands on the hard disk of the
web server, it is unencrypted.

My question is that, if my web site is compromised by some attacker,
these files will be exposed to the attacker. Is there a way to do the
following:
[...]
As for temporary files being exposed, I'm not that familiar with the
Apache FileUpload API - but you could check if some way of accessing the
incoming file data as a stream is available that does not involve creating
temporary files - If it is, then you could perform on the fly encryption
on the stream, and the data would never appear on disk in its unencrypted
form.

Well, the data might appear inside of the OS swap file...

- Oliver
 
Babu Kalakrishnan

Oliver said:
david said:
I am using Apache Commons FileUpload to let users upload their files
to a web site. The web site itself is using the https protocol, so that the
file is securely uploaded through the internet using the HTML form based
uploading process. However, when the file lands on the hard disk of the
web server, it is unencrypted.

My question is that, if my web site is compromised by some attacker,
these files will be exposed to the attacker. Is there a way to do the
following:
[...]

As for temporary files being exposed, I'm not that familiar with the
Apache FileUpload API - but you could check if some way of accessing
the incoming file data as a stream is available that does not involve
creating temporary files - If it is, then you could perform on the fly
encryption on the stream, and the data would never appear on disk in
its unencrypted form.


Well, the data might appear inside of the OS swap file...

Still worse, the hacker could replace the servlet code with his own
version that writes out an unencrypted copy of the file. :) So he
doesn't have to really depend on whether the OS uses swap files or not.

BK
 