Change the name of the pdf file to hash and then manage to undo the name to read again

Asked

Viewed 456 times

0

I’m doing a feature on a system where; Any sector will upload an important file, this file contains sensitive information linked to each employee of the company. Each employee can open his own file, but no other can open it.

The file is in PDF format, and all follow a rule of ex nomenclature: ano-mes-codigofuncionario.pdf. What happens... when I allow the employee to download your file, he will see the name and if he understands the logic of the names, he may change the employee code and view other people’s files.

I would then like, at the time of saving the file to disk, to generate a hash based on the file name policies and when I need to identify the file to designate each employee I could "decrypt" and take the original name. The end result should look something like: fe415d322sefe185d32sd1f51000e1fea6e.pdf, this way it will be more difficult for other employees to try to view other files.

Here I saved on disk:

private void SalvarArquivo(HttpPostedFile file)
{
    var pathString = DiretorioTemp();

    var fileName1 = Path.GetFileName(file.FileName);
    bool isExists = Directory.Exists(pathString);

    if (!isExists)
        Directory.CreateDirectory(pathString);

    var path = string.Format("{0}\\{1}", pathString, file.FileName);
    file.SaveAs(path);
}

After reading the file I click the button for the user, respecting the rules that are used to name the original file.

public static void Download(string fName)
    {
        FileInfo fInfo = new FileInfo(fName);
        HttpContext.Current.Response.Clear();
        HttpContext.Current.Response.ContentType = "application/octet-stream";
        HttpContext.Current.Response.AddHeader("Content-Disposition", "attachment; filename=\"" + fInfo.Name + "\"");
        HttpContext.Current.Response.AddHeader("Content-Length", fInfo.Length.ToString());
        HttpContext.Current.Response.Flush();
        HttpContext.Current.Response.WriteFile(fInfo.FullName);
        fInfo = null;
    }

Note: If I generate a hash and cannot undo it will not help, because I do not know the parameters used on the date the files were inserted.

Remembering that, windows does not allow some characters(* / \ < >) for this reason I would like something that is simple.

  • This information is not saved in the bank?

  • I’m not saving in the bank.

  • Then the way is to save with the original name and change the name when downloading. You can ask the question the code that downloads the file?

  • You download with Process.Start???

  • This, I just search the file and play for it on the screen (to print)

  • This isn’t ASP.NET, right?

  • I’m using Process.Start just to take the test to return the file, the problem I have is to inhibit the name so that it does not find. It is Asp.net

  • I’m not sure I understand. At the end of it all you’ll need to do the download file, right? Via ASP.NET MVC, right?

  • This project is still in Asp.net Webforms and yes, the end result is to make the file download available.

  • Right. I don’t know about Webforms. You can ask the question the code you use to do download?

Show 5 more comments

2 answers

1


The logic is very simple: you keep the files with the original names in the system and when to send to download send it under another name

public static void Download(string fName)
{
    FileInfo fInfo = new FileInfo(fName);

    HttpContext.Current.Response.Clear();
    HttpContext.Current.Response.ContentType = "application/octet-stream";

    HttpContext.Current.Response.AddHeader("Content-Disposition", "attachment; filename=\"" + Guid.NewGuid() + ".pdf\""); // Aqui está o segredo

    HttpContext.Current.Response.AddHeader("Content-Length", fInfo.Length.ToString());

    HttpContext.Current.Response.Flush();
    HttpContext.Current.Response.WriteFile(fInfo.FullName);
    fInfo = null;
}
  • I was blind rsrsr, I thought so much about wanting to rename that I forgot about the end... That’s right! Just left to put there after Guid.Newguid() + ". pdf"

0

This is impossible using Hash, since that is the purpose of it, to be Oneway, when the code is generated it does not return. To solve your problem I suggest using Base64. in C#: To meet:

public static string Base64Encode(string plainText) {
  var plainTextBytes = System.Text.Encoding.UTF8.GetBytes(plainText);
  return System.Convert.ToBase64String(plainTextBytes);
}

To disentangle:

public static string Base64Decode(string base64EncodedData) {
  var base64EncodedBytes = System.Convert.FromBase64String(base64EncodedData);
  return System.Text.Encoding.UTF8.GetString(base64EncodedBytes);
}

I also suggest using password in PDF files, where the password is the first 3 digits of his CPF or any other code of its kind. This can be done with the PDF Sharp

// Open an existing document. Providing an unrequired password is ignored.
PdfDocument document = PdfReader.Open(filename, "some text");

PdfSecuritySettings securitySettings = document.SecuritySettings;

// Setting one of the passwords automatically sets the security level to 
// PdfDocumentSecurityLevel.Encrypted128Bit.
securitySettings.UserPassword  = "user";
securitySettings.OwnerPassword = "owner";

// Don't use 40 bit encryption unless needed for compatibility reasons
//securitySettings.DocumentSecurityLevel = PdfDocumentSecurityLevel.Encrypted40Bit;

// Restrict some rights.
securitySettings.PermitAccessibilityExtractContent = false;
securitySettings.PermitAnnotations = false;
securitySettings.PermitAssembleDocument = false;
securitySettings.PermitExtractContent = false;
securitySettings.PermitFormsFill = true;
securitySettings.PermitFullQualityPrint = false;
securitySettings.PermitModifyDocument = true;
securitySettings.PermitPrint = false;

// Save the document...
document.Save(filename);

SOURCE

  • Base64 will generate characters names that windows does not allow to name files.

Browser other questions tagged

You are not signed in. Login or sign up in order to post.