Can encryption be solution in this situation

Question

I am using a EMC Documentum content management system. I am trying to automate some file importing (moving files to CMS repository) with the help of their own API. (Dont panic by this next sentence, just read it, since its EMCs' own API that you may be unaware of) For that, I have to first create an object of type IDfFile and then pass that object to IDfImportNode.add() which performs importing.

What I want to do is to fetch the file at runtime from one server and immediately perform import operation. I want to do all this in-memory, without saving fetched files on the disk - since those files are confidential.

However the problem is that IdfFile(string) takes absolute path of the file to be imported. So the file has to exist on the disk physically, which will eventually leave traces of files on disk even after I delete files after import. I was guessing if it can take Stream object, but there is no such overload.

So I want to know if I can encrypt files before saving to disk or any other way out of it. Or that I request EMC people to provide suitable API method.

Answer 1

The way to do this is to use the IDfSysObject.setContent() method. It is going to be more code, because you can't use the Import operation conveniences, but it should allow you to save a stream. Maybe something like this (but you would already have the stream from somewhere):

File pdfInput = new File("C:\\Rupinder\\MyFile.txt");
byte[] outBytes = new byte[(int)pdfInput.length()];

FileInputStream fileInputStream = new FileInputStream(pdfInput);
fileInputStream.read(outBytes);

ByteArrayOutputStream out = new ByteArrayOutputStream();
out.write(outBytes);

IDfSysObject sysObj = (IDfSysObject)session.newObject("c_pdf");
sysObj.setObjectName("testDoc");
sysObj.setContentType("crtext");
sysObj.setTitle("import operation");
sysObj.link("/Temp/Source Folder"); 
sysObj.setContent(out);
sysObj.save();

source: https://community.emc.com/message/98225

Answer 2

If the files are truly confidential, and you really want to go through so much trouble to keep them that way, you should have encrypted them in the first place.

The files leaving traces on disk should be the least of your worries, one would need physical access to the disk to perform deep sleuthing on it to find out what the files were. Much more realistic problems are attackers gaining access to the server and reading the files like that.

But to still answer your question:

• Encryption could be a solution to a lot of things, but always consider if it's worth it.
• You could always ask the "EMC people" for a solution to this, of course, especially if you have commercial support

Answer 3

for leaving traces of the file on the disk, it's easy: encrypt the disk. Take some solution like Truecrypt, encrypt the whole disk, mount it, run your program. Everything that is saved in the disk will be encrypted, but it will be transparent to your program (it will only read and write to a device, and won't have to bother if the file is stored encrypted or not).

The problems are:

• if someone has access to your computer while it is doing that, he can read the files

• if your computer is hacked somehow and can be accessed from the outside, he can read the files