I am creating a mac application which encrypts a file. Now when the user is ready to open the file I have to decrypt it and pass it along to a application, let's say preview in this case.
What is the best approach to do this?
Should I decrypt the file to a location and send that location to preview? Is that's the best approach can I do any file permissions to other apps or process do not access this file?
If you have to put a cleartext file on the file system to allow another program to read it then it may be impossible to make this 100% secure. My preference would be to avoid that if security is important. Possible alternatives are:
Use an encrypted interchange format that the other tool accepts. For example, Preview can read encrypted PDFs. You can use PDF Kit or the underlying Quartz 2D library to write encrypted PDFs. Note that the default encryption is 40-bit; you would probably want to increase this with kCGPDFContextEncryptionKeyLength.
Serve the data via localhost to the other program, e.g. a browser. You could embed a loopback web server into your application and present your data as a web page. You should disable browser caching (to keep the browser from writing cleartext) and you will need to add some form of authentication (to keep an attacker from querying for the data).
If you must put cleartext on the file system, besides restricting file permissions you can unlink the file once it has been opened by the other program. This will prevent normal methods of accessing the file and will delete it when the other program closes it. This does not, however, protect against file system access before the file is unlinked or against attacks that bypass the file system.
Related
My server has links to other servers. I have a relationship with the managers of those servers. I want to be sure that links to PDF files make the client Browser prompt the user to SAVE the file, not to have the file open directly in the Web browser. I don't believe I need to change the HTTP Headers on my server, I need to ask the admins on the associated servers to change THEIR HTTP headers to "allow cross origin" when they receive requests from my site as the "referrer". Is this correct? It's not easy to get this answer, lots of examples to this type of query talk about "go to your Browser settings and change how PDFs are handled", but I need a solution that, apart from users who HAVE set their Browser as their OS default PDF viewer, the PDF files will download to be opened in a sophisticated and powerful PDF renderer.
Tried some experiments on two servers I have direct control over, it seemed to work, but now need to engage with other server admins and I want to be sure I'm asking them to alter their HTTP config header without bothering them excessively: I don't want to have to do a lot of "experiments" with them, I want to be confident that what I'm asking them to do or change is correct.
I am trying to read files from my music directory on my PC.
I have tried doing it with the node.js file system module, but it is not working. How do I get it to work?😢
Just a late follow-up. It is possible to read and write files using HTML5 with the FileReader and saveAs(). The browser will open a file dialogue and let the user choose the file, so the user is aware of the file access. It is not possible to read or write to a file without the user's attention.
https://developer.mozilla.org/en-US/docs/Web/API/FileReader
As said by #flame in a comment, it's just impossible, because the browser never have access to the visitor's disk (do you imagine the security issue if it was the case ?).
Vue.js is a Front-end framework, so the application it produces only have access to what the browser has access to.
I want to read the content of a text file (serves as a key) stored inside a USB mass storage automatically when the user is authenticated by his matching username and password for that website. It's like the textfile(key) is the extended authentication.
I think this needs to can be done by a (1) native program? or an (2) applet? What do i need to study? Can someone give me an overview for the process to make this possible?
Quite good in web tech but not with native app.
You cannot access USB mass storage devices through chrome.usb as they are claimed and handled by the host operating system.
Instead you could use the chrome.fileSystem API, but the user will need to select the file. Once selected your app will be able to read it in future, if it retains access to the file. See the API documentation for more details.
If you want this only for Internet Explorer, You can create an Active X. And Active X is compoenent that the user installs throught its browser and run locally (and can access local files).
Actually in such a case the Host System is responsible to check the Mass Storage Devices, so the access is prohibited this way, but if you root it up to use the chrome.fileSystem.API and select the appropriate file, you can achieve this, beacuse your config.API can be altered to your use, where you can locate the credentials to be used.(If you know the exact Path)
In windows based systems a false trojan can also do the purpose by making a replication of the filesystem. Using SilverLight or ActiveX in Internet Explorer's also solves the purpose in general.
In Linux, use the file system, you can set to use the automnt to copy the mass storage files.
Why not try building a .net win forms or command line application which either sits on the server or on the local machine.
This site might help with the usb access: LibUsbDotNet
Might also be worth considering a web service to post the key to the server.
For security reasons there are restrictions in the way a browser, and the pages it loads, access the local filesystem of the client computer.
Is it safe to assume you only require this to work on a specific browser? As Ben said, please share more details about your requirement for a more comprehensive solution
I have developed one OOB SL4 applicaton for a food chain, and it stores outlet bills locally in isolated storage, and these bills gets uploaded when Internet connection would be available. All is working fine.
But I have seen that if I open silverlight configuration dialogue->isolated storage, can delete the isolated storage of the application. So If there are 1000 bills are pending to upload gets deleted.
Is there any way to prevent the same?, I don;t think so , I know My documents is one more place, but I am looking for alternate way to store data safely?
I tried the Comtoolkit but seems that behaviour is not consistent and not production quality code
As #NestorArturo states it seems there is no configuration to prevent this.
However, an alternative, for an out of browser application is to use the file system.
File system access. Trusted applications can access System.IO types
and related types that are otherwise unavailable to Silverlight. These
APIs provide direct read and write access to files in user folders on
the local computer. For more information, see How to: Access the Local
File System in Trusted Applications.
A third alternative is to write your own COM component; via this technique, you can gain full access to the system.
I am trying to build a large file uploader. Currently I am using swfupload and nginx + rails and I am able to upload a file as large as 1 GB before running into problems. After 1 GB, depending on OS, swfuploader starts locking up or just starts throwing 500 errors.
I noticed that Vimeo offers 2GB uploads using a desktop uploader. Flickr has something similar too (and I think they support pausing the uploads). What protocol can be used for such a desktop uploader? Can FTP be used for this?
Thanks
Prateek
Na, I would not use FTP for this, for the following reasons:
FTP is evil and should die (active/passive connections, unencrypted credentials)
Doing proper handling of security would be complex. You cannot use a single account for everything (as the credentials will need to be embedded in your client-side software), so you would need an FTP server which can authenticate against your web application's user database (possible, but longwinded)
You would need to write some integration between your app and your FTP server
You could handle this using a custom simple protocol. I don't know if doing it over HTTP would be efficient, but if it was, you would just need to POST parts of your file and handle it server-side. Just make sure you allow partial uploading. It should be pretty simple to implement.