Securing uploaded files
Virus scans, encoding/decoding files, and Compression/decompression of BLOB data help to secure uploaded files.
Interfaces for the following tasks help with securing uploaded files in the Web UI Framework and the Rich Client Platform:
- Virus scan
- Encoding/decoding of files
Virus scan
You can plug in logic to scan an uploaded file for viruses. Use the yfs.properties file to plug in the scanner. A default implementation of virus scanning is not available.
The virus scanner interface includes the following methods. For more information, refer to the Javadoc.
- public PLTVirusScanResponse scan(InputStream stream, PLTFileHandlerObj
fileObject)
Called first during uploads and downloads to scan the file input stream as is during the upload/download request.
- public PLTVirusScanResponse scan(PLTFileHandlerObj fileObject)
Called only during uploads to enable the scanning of the file written to temporary directory.
Encoding/decoding of files
The following includes basic information about each method. For more information, refer to the Javadoc.
- public void encode(InputStream iStream, OutputStream oStream)
Encodes the input stream and places it in the output stream. Called during file upload.
- public void decode(InputStream iStream, OutputStream oStream)
Decodes the input stream and places it in the output stream. Called during file download.
Encoding and decoding can negatively affect performance. If the sc.file.upload.encoder property is not set, then encoding and decoding are skipped.
Compression/decompression of BLOB data
You can compress and decompress data that is stored in columns and tables. The actual file content, stored as bytes in the PLT_FILE_DATA table, follows this mechanism by marking the column as CompressionSupported=true and UseCompression=true.