I'm using a system where we have built-in functionality to add Metadata tags to Jpeg images through the Apache Commons Imaging library. This library allows for modification of Metadata directly through an InputStream. This metadata is then read by Symantec DLP installed on our End User's machines to keep them from doing questionable things with tagged files(copy to flash, other storage, email, etc.). The issue is that a user can still modify the tag after the fact because the file is writable, pretty much invalidating the security effort.
我正在使用一个系统,我们有内置的功能,通过Apache Commons Imaging库将元数据标签添加到Jpeg图像。该库允许直接通过InputStream修改元数据。然后,安装在我们最终用户计算机上的Symantec DLP会读取此元数据,以防止他们对标记文件(复制到闪存,其他存储,电子邮件等)进行可疑操作。问题是用户仍然可以在事后修改标签,因为文件是可写的,几乎使安全工作无效。
I'm looking to find out a way to write metadata for a file to become read-only in a similar fashion, by modifying the data through something that can wrap around an InputStream.
我正在寻找一种方法来编写文件的元数据,以便以类似的方式变为只读,方法是通过可以环绕InputStream的东西修改数据。
The Java File object has a built in method called setReadOnly() that could be used in theory, but the issue is that I'm never able to create a File object directly. We receive an InputStream from the client, modify it with other libraries, and encrypt it all before writing it to storage for security reasons. If I add the tag to the encrypted file, it will be removed on decryption. Apache Commons Imaging supports a host of metadata tag types, but I have been unsuccesful in finding any R/W tags supported.
Java File对象有一个名为setReadOnly()的内置方法,可以在理论上使用,但问题是我永远无法直接创建File对象。我们从客户端接收InputStream,使用其他库对其进行修改,并在出于安全原因将其写入存储之前对其进行加密。如果我将标记添加到加密文件中,它将在解密时删除。 Apache Commons Imaging支持许多元数据标记类型,但我在寻找任何支持的R / W标记时都不成功。
Does anybody know how to set a File to be persistently read-only directly through an InputStream or some derived object using core Java, Apache Commons Imaging, or a useful third party library?
有没有人知道如何使用核心Java,Apache Commons Imaging或有用的第三方库直接通过InputStream或某些派生对象将文件设置为持久只读?
1 个解决方案
#1
0
You can do this really easily by just using
ProcessBuilder to chmod the file.
只需使用ProcessBuilder来chmod文件,就可以非常轻松地完成这项工作。
Something like:
String fileLoc = "/var/tmp/myImage.jpg";
String[] cmd = {"chmod", "0444", fileLoc};
ProcessBuilder pb = new ProcessBuilder(cmd);
Process process = pb.start();
int error = process.waitFor();
if (error != 0){
//non 0 means something bad happend
}
EDIT: If you can't access it as a file, and only have it as a stream, you cannot set it to read only as that is a file system property, and nothing in the file actually changes.
编辑:如果您无法将其作为文件访问,并且只将其作为流进行访问,则不能将其设置为只读,因为它是文件系统属性,并且文件中的任何内容实际上都不会更改。
#1
0
You can do this really easily by just using
ProcessBuilder to chmod the file.
只需使用ProcessBuilder来chmod文件,就可以非常轻松地完成这项工作。
Something like:
String fileLoc = "/var/tmp/myImage.jpg";
String[] cmd = {"chmod", "0444", fileLoc};
ProcessBuilder pb = new ProcessBuilder(cmd);
Process process = pb.start();
int error = process.waitFor();
if (error != 0){
//non 0 means something bad happend
}
EDIT: If you can't access it as a file, and only have it as a stream, you cannot set it to read only as that is a file system property, and nothing in the file actually changes.
编辑:如果您无法将其作为文件访问,并且只将其作为流进行访问,则不能将其设置为只读,因为它是文件系统属性,并且文件中的任何内容实际上都不会更改。