Change the name of the pdf file to hash and then be able to undo the name to read again

0

I'm building a feature in a system where anyone will upload an important file; this file contains sensitive information linked to each employee of the company. Each employee can open his/her own file, but no one else can open it.

The files are in PDF format, and all follow a naming rule, e.g.: ano-mes-codigofuncionario.pdf. What happens is that when I allow the employee to download his file, he will see the name, and if he understands the logic of the names, he can change the employee code and view other people's files.

I would then, when saving the file to disk, generate a hash based on the file name policies and when I need to identify the file to assign to each employee I could "decrypt" and get the original name. The final result should be something like: fe415d322sefe185d32sd1f51000e1fea6e.pdf , this way it will be harder for other employees to try to view other files.

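Here is where I save to disk:

// Requires: using System.IO; using System.Web;
private void SalvarArquivo(HttpPostedFile file)
{
    var pathString = DiretorioTemp();

    // Keep only the file-name part; the client may send a full path
    var fileName1 = Path.GetFileName(file.FileName);

    // Create the target directory if it does not exist yet
    if (!Directory.Exists(pathString))
        Directory.CreateDirectory(pathString);

    // Build the destination path from the directory and the bare file name
    var path = Path.Combine(pathString, fileName1);
    file.SaveAs(path);
}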

After reading the file I click on the button for the user, respecting the rules that are used to name the original file.

public static void Download(string fName)
    {
        FileInfo fInfo = new FileInfo(fName);
        HttpContext.Current.Response.Clear();
        HttpContext.Current.Response.ContentType = "application/octet-stream";
        HttpContext.Current.Response.AddHeader("Content-Disposition", "attachment; filename=\"" + fInfo.Name + "\"");
        HttpContext.Current.Response.AddHeader("Content-Length", fInfo.Length.ToString());
        HttpContext.Current.Response.Flush();
        HttpContext.Current.Response.WriteFile(fInfo.FullName);
        fInfo = null;
    }

Note: If I generate a hash and cannot undo it, it will not work, because I will not know the parameters used when the files were inserted.

Keep in mind that Windows does not allow some characters (* / \ < >); for this reason I would like something simple.

    
asked by anonymous 23.06.2017 / 22:00

2 answers

1

The logic is very simple: you keep the files with the original names in the system and, when you send them for download, send them under another name:

public static void Download(string fName)
{
    FileInfo fInfo = new FileInfo(fName);

    HttpContext.Current.Response.Clear();
    HttpContext.Current.Response.ContentType = "application/octet-stream";

    HttpContext.Current.Response.AddHeader("Content-Disposition", "attachment; filename=\"" + Guid.NewGuid() + ".pdf\""); // Here is the secret

    HttpContext.Current.Response.AddHeader("Content-Length", fInfo.Length.ToString());

    HttpContext.Current.Response.Flush();
    HttpContext.Current.Response.WriteFile(fInfo.FullName);
    fInfo = null;
}
    
23.06.2017 / 22:23
0

This is impossible using a hash, since that is its purpose: being one-way; once the code is generated it does not come back. To solve your problem I suggest using Base64. In C#, to encode:

public static string Base64Encode(string plainText) {
  var plainTextBytes = System.Text.Encoding.UTF8.GetBytes(plainText);
  return System.Convert.ToBase64String(plainTextBytes);
}

To decode:

public static string Base64Decode(string base64EncodedData) {
  var base64EncodedBytes = System.Convert.FromBase64String(base64EncodedData);
  return System.Text.Encoding.UTF8.GetString(base64EncodedBytes);
}

I also suggest using a password on the PDF files, where the password is the first 3 digits of his/her CPF or any other code of this type. This can be done with PDFsharp:

using PdfSharp.Pdf;
using PdfSharp.Pdf.IO;
using PdfSharp.Pdf.Security;

// Open an existing document. Providing an unrequired password is ignored.
PdfDocument document = PdfReader.Open(filename, "some text");

PdfSecuritySettings securitySettings = document.SecuritySettings;

// Setting one of the passwords automatically sets the security level to 
// PdfDocumentSecurityLevel.Encrypted128Bit.
securitySettings.UserPassword  = "user";
securitySettings.OwnerPassword = "owner";

// Don't use 40 bit encryption unless needed for compatibility reasons
//securitySettings.DocumentSecurityLevel = PdfDocumentSecurityLevel.Encrypted40Bit;

// Restrict some rights.
securitySettings.PermitAccessibilityExtractContent = false;
securitySettings.PermitAnnotations = false;
securitySettings.PermitAssembleDocument = false;
securitySettings.PermitExtractContent = false;
securitySettings.PermitFormsFill = true;
securitySettings.PermitFullQualityPrint = false;
securitySettings.PermitModifyDocument = true;
securitySettings.PermitPrint = false;

// Save the document...
document.Save(filename);

SOURCE

    
23.06.2017 / 22:11
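
Whatever name the browser ends up seeing, the download handler can also check ownership on the server, so that editing the employee code in a name gains nothing. The sketch below is an added example, not code from the question or from either answer; the class and method names, the digit-only employee code, and the sample values are assumptions.

```csharp
using System;
using System.IO;
using System.Text.RegularExpressions;

public static class EmployeeFileAccess
{
    // Naming rule from the question: ano-mes-codigofuncionario.pdf
    // (year-month-employeecode). Assumption: 4-digit year, 2-digit month,
    // numeric employee code.
    private static readonly Regex NameRule =
        new Regex(@"^[0-9]{4}-[0-9]{2}-(?<code>[0-9]+)\.pdf\z");

    // Option 1: the client sends only year and month; the employee code comes
    // from the authenticated session, so there is nothing to tamper with.
    public static string PathFromSession(string storageDir, int year, int month, string sessionEmployeeCode)
    {
        if (year < 1900 || year > 9999 || month < 1 || month > 12) return null;
        string name = string.Format("{0:D4}-{1:D2}-{2}.pdf", year, month, sessionEmployeeCode);
        return NameRule.IsMatch(name) ? Path.Combine(storageDir, name) : null;
    }

    // Option 2: the client still sends a file name; accept it only if it
    // matches the rule exactly and its employee code equals the session's.
    public static string PathFromRequest(string storageDir, string requestedName, string sessionEmployeeCode)
    {
        Match m = NameRule.Match(requestedName ?? string.Empty);
        if (!m.Success) return null;   // rejects path separators, "..", other extensions
        if (!string.Equals(m.Groups["code"].Value, sessionEmployeeCode, StringComparison.Ordinal))
            return null;               // well-formed name, but someone else's file
        return Path.Combine(storageDir, requestedName);
    }

    public static void Main()
    {
        // Constructed sample values, not taken from the page.
        string dir = Path.Combine(Path.GetTempPath(), "employee-files");
        string session = "1042";       // employee code read from the login session
        Console.WriteLine(PathFromSession(dir, 2017, 6, session));
        Console.WriteLine(PathFromRequest(dir, "2017-06-1042.pdf", session) ?? "denied");
        Console.WriteLine(PathFromRequest(dir, "2017-06-1043.pdf", session) ?? "denied");
        Console.WriteLine(PathFromRequest(dir, "..\\2017-06-1042.pdf", session) ?? "denied");
    }
}
```

A null result is meant to be turned into a 403 or 404 response by the caller before any file is opened.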