0

When working with an application on C# I am creating a few temporary files using the following logic:

Creating Temp File

private static string CreateTmpFile()
{
string fileName = string.Empty;

try
{
    // Get the full name of the newly created Temporary file. 
    // Note that the GetTempFileName() method actually creates
    // a 0-byte file and returns the name of the created file.
    fileName = Path.GetTempFileName();

    // Craete a FileInfo object to set the file's attributes
    FileInfo fileInfo = new FileInfo(fileName);

    // Set the Attribute property of this file to Temporary. 
    // Although this is not completely necessary, the .NET Framework is able 
    // to optimize the use of Temporary files by keeping them cached in memory.
    fileInfo.Attributes = FileAttributes.Temporary;

    Console.WriteLine("TEMP file created at: " + fileName);
}
catch (Exception ex)
{
   Console.WriteLine("Unable to create TEMP file or set its attributes: " + ex.Message);
}

return fileName;
}

Writing to Temp File

private static void UpdateTmpFile(string tmpFile)
{
try
{
    // Write to the temp file.
    StreamWriter streamWriter = File.AppendText(tmpFile);
    streamWriter.WriteLine("Hello from www.daveoncsharp.com!");
    streamWriter.Flush();
    streamWriter.Close();

    Console.WriteLine("TEMP file updated.");
}
catch (Exception ex)
{
    Console.WriteLine("Error writing to TEMP file: " + ex.Message);
}
}

I have also tried and followed some of the implementations found on this link for another question and am using the following implementations in my code : Storing the file in the AppData Folder for using the ACL

However I have been asked to make sure that :

  1. The temp files cannot be read by anyone(Not even the user) during application runtime,
  2. And to make sure that they are deleted even when force closing the application

For case 1: The temp files cannot be read by anyone(Not even the user) during application runtime, How can I implement this for my application files? The temp files contain sensitive data which should not be readable even if the user themselves would like to read. Is there a way I can do that?

For case 2: To make sure that they are deleted even when force closing the application Here I would like to make sure than even with force close or a sudden restart the files are deleted.

If Force close: then delete the files before force close

If Restart: then delete the files on next startup

Are these doable?

Rohit Jainani
  • 27
  • 4
  • 4
    Encrypt the files. However, the real problem is you are using the users own pc to do secure tasks. If security is a concern, you should be doing this in a remote context away from dirty little fingers. Anyone with half a days google experience will be able to circumvent almost everything you do otherwise – TheGeneral Jul 01 '20 at 02:40
  • 2
    The problem with 1 is that the application uses the user's permissions to read the file. Sure, you could have a service that runs as a different user and use inter-process communication, but depending on the user's rights on the machine, it's still possible to access the file. Even in Windows 10 it's still possible to get a system-level (i.e. SYSTEM user) command prompt as a local administrator. As for number 2, that's impossible. Suppose the user switches their machine off at the wall, suppose your app runs on startup but the user deletes it using safe mode, etc. – ProgrammingLlama Jul 01 '20 at 02:48
  • 3
    The only realistic solution is to encrypt the files and then not care if they still exist or not. The problem there is that sufficiently technical users will reverse engineer your application and extract your encryption keys, etc. As @TheGeneral says, if you need security protections against the user then you probably shouldn't be doing these things on the user's machine. – ProgrammingLlama Jul 01 '20 at 02:49

0 Answers0