We have a content management system that allows our users to store files uploaded through the REST web service. Before saving these files to the repository, their contents are encrypted.
When these files are extracted, the contents of the file are decrypted and placed in an array of bytes. The goal is to transfer this content back to the client as an attachment of files that they can store on their local machines.
To do this, I currently store the contents in a temporary file and pass the temp file back as an attachment. This approach had the unpleasant side effect of a previously encrypted repository file, which is stored “in clarity” in the temporary directory.
I know that I can set a temporary file for automatic deletion at the end of the JVM, but since this is a server, there may be a lot of time between server reboots.
I can also (I think) set up some kind of listening task to periodically check the temp directory and delete files for a certain age, but this seems cumbersome and doesn’t really solve the problem - it just reduces the exposure time.
I am looking for alternatives to avoid a temporary file, but still allow the user to download the file (preferably in memory) as an attachment through a web service.
Any idea?
Thank!
source
share