When I tried to use Snowflake JDBC (3.13.16) to download a file via downloadStream() method from internal stage, which has encryption option set to "snowflake_sse", I'm getting NullPointerException. I found that if I change the stage encryption to "snowflake_full", which enables client side encryption, the exception disappear and file is downloaded successfully.
However, if encryption is set to "snowflake_full", I can't use presigned url to download the files because the downloaded content is not decrypted.
So my question is, is there a way to use downloadStream() function from Snowflake JDBC with server-side encrypted stage? or is there a way to use presigned url to download decrypted file when stage is client-side encrypted?
Related
I have a website where users need to see a link to download a file (approximately 100 MB size) only after authenticating (userid/password) themselves in the website. Users should not be able to copy the link and use it later without authentication.
Can a REST API with (Transfer-Encoding: chunked) return such a huge file size without being timed-out?
Note: We currently have java springboot based APIs for some basic functions returning JSON (text) response
How can I prevent the URL from being accessed later without authentication ?
Any approach to generate dynamic URLs which will be valid only for few mins ? Should this logic be in the app server or CMS like Drupal have this feature ?
I am open to store this file in DB or Drupal or a file server as per the recommended approach for securely download the file. This file is not text/image/pdf, it will be a binary file.
Note: My system does not use any Public Cloud like AWS/GCP/Azure
Has anyone encountered a file that has an extension of ".ehi" before?
If I open it using Wordpad, its contents are not readable strings.
What app should I use in order to open this file type?
What is an EHI file?
Config file used by HTTP Injector, an Android app used to modify
requests and access blocked websites behind firewall with SSH support
and proxy server; contains settings that configure HTTP Injector,
which includes server login credentials and security/locking
information.
Based on this information, it makes sense that the data isn't stored in plain text. The credentials are likely encrypted or otherwise stored in an obfuscated format to help prevent unauthorized access.
Source: https://fileinfo.com/extension/ehi
Im writing a single-page-web-app (angularJs) and a server back-end (node.js). The communication between them is done via REST.
Currently im trying to implement the following scenario:
Upload big files from browser to S3 public bucket.
Copy uploaded file to private bucket on S3
Transcode uploaded file to HTML 5 compatible format (AWS Elastic Transcoder)
Store Meta-Object about the file in DB to access later
I'm racking my brains to get a well working design of the communication/ data-workflow between server and client, but always got stuck at the following questions?
Store file meta-object at the end or at the beginning of the process. If it is at the beginning, i have to store and handle some state information?
Who should start copying uploaded files to private bucket. Server or client? If it is the server, how can the client get informed about the job succeeded?
Who starts the transcoding process? If it is the server, how can the client get informed about the job succeeded?
How would you do this?
there is a pretty good tutorial which describes the use case you are planning to implement: http://www.bitcodin.com/blog/2015/02/create-mpeg-dash-hls-content-for-amazon-s3-and-cloudfront/
If your transcoding system has a RESTfull API (like bitcodin which is used in this tutorial, or any other service) you can do your application also client-side and use the API calls to get the state of your transcodings, etc. However, using the API you can do the same also server-side, whatever fits better for you.
I personally would store the metadata infos at the beginning of the process, as this is the point of time where you generate the "asset" in your database/CMS/etc.
I am looking at using the Camel crypto tool for processing PGP data but have a requirement that the password to the keys used be either encrypted in the configuration file or be sourced from a secure server elsewhere. Is this possible without generating my own PGP processor?
Yes see the security menu on the Apache Camel web site: http://camel.apache.org/security.html
There is a section about configuration security, where you can use camel-jasypt for that: http://camel.apache.org/jasypt.html
This allows you to store encrypted usernames / passwords etc in a .properties file, and then you can refer to these properties from Camel crypto, using Camel's property placeholder: http://camel.apache.org/using-propertyplaceholder.html
I have some passwords that I access via a custom written java class and save the decrypted values in the Registry as String objects.(Note: we do not have access to the Enterprise Edition to leverage the Credentials Vault features.)
I can successfully save them and access them in code but I am having trouble accessing it in the flow. Specifically the Salesforce connector:
<sfdc:config name="ConfigurableSalesforceConnection" username="${sfdc.username}" password="#app.registry.get('salesforcepassword')" securityToken="${sfdc.securityToken}" doc:name="Salesforce" url="${sfdc.url}"/
Some of the Syntax I have used is:
password="#app.registry.get('salesforcepassword')"
and
app.registry['salesforcepassword']
Is this even possible or should I explore different avenues?
Try this
#[app.registry['salesforcepassword']]
Instead of dealing with the registry, you could also encrypt the credentials in your properties file and use Jasypt to decrypt them when the file gets loaded. This is transparent for the application and way easier.
Check this tutorial: http://www.jayway.com/2008/12/09/encrypting-properties-with-jasypt/