Google APIs Client Library for C++
SensitiveFileUtils Class Reference

Helper functions for managing sensitive files.

#include "client/util/file_utils.h"

Static Public Member Functions

static util::Status VerifyIsSecureFile (const string &path, bool writable_allowed)
 Checks that the provided path is a secure file.
static util::Status VerifyIsSecureDirectory (const string &path)
 Checks that the provided path is a secure directory.
static util::Status CreateSecureDirectoryRecursively (const string &path)
 Creates a secure directory at the specified path if it does not already exist.
static util::Status WriteSensitiveStringToFile (const StringPiece &data, const string &path, bool overwrite)
 Writes the given data to a secure file at the specified path.
static util::Status DeleteSensitiveFile (const string &path)
 Deletes the file, but does not guarantee that the data is unrecoverable.

Detailed Description

Helper functions for managing sensitive files.

WARNING(ewiseblatt): 20130304 These files are not reliably secure. We are managing OS level permissions and relying on the OS to protect the contents. We make some attempt to securely delete the contents of files, but it is not necessarily robust. For truly sensitive data, consider encrypting the files instead.


Member Function Documentation

static util::Status CreateSecureDirectoryRecursively ( const string &  path) [static]

Creates a secure directory at the specified path if it does not already exist.

Any directories that are created will be created with secure permissions (user rwx only).

Parameters:
[in] path: The desired directory path.
Returns:
ok if the path exists as a secure directory when done. Otherwise an error indicating why it could not be created.

static util::Status DeleteSensitiveFile ( const string &  path) [static]

Deletes the file, but does not guarantee that the data is unrecoverable.

This function makes some attempts to prevent the data from being recovered, but it is still not secure. There are many ways in which the OS itself may have leaked some data on disk.

Parameters:
[in] path: The path to the file to delete.
Returns:
ok if the file could be deleted, otherwise an error explaining the failure.

static util::Status VerifyIsSecureDirectory ( const string &  path) [static]

Checks that the provided path is a secure directory.

Parameters:
[in] path: The path to check; it should be an existing directory.
Returns:
ok status if it is secure, otherwise an error explaining the concern.

static util::Status VerifyIsSecureFile ( const string & path, bool writable_allowed ) [static]

Checks that the provided path is a secure file.

A secure path is readable and writable only by the user and is not a symbolic link.

Parameters:
[in] path: The path to check; it should be an existing file.
[in] writable_allowed: true if path may be writable, false if it must be read-only.
Returns:
ok status if it is secure, otherwise an error explaining the concern.
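
The checks described for VerifyIsSecureFile (user read/write only, not a symbolic link, optionally read-only), sketched with POSIX calls as an added example; this is not the library's implementation. CheckSecureFile and WriteOwnerOnlyFile are hypothetical names, and the ownership check is an assumption beyond what this page states.

```cpp
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <cerrno>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <string>

// Hypothetical helper (not the library's code): "" if secure, else the concern.
std::string CheckSecureFile(const std::string& path, bool writable_allowed) {
  struct stat st;
  // lstat() reports on the link itself, so a symlink is detected, not followed.
  if (lstat(path.c_str(), &st) != 0)
    return std::string("cannot stat: ") + std::strerror(errno);
  if (S_ISLNK(st.st_mode)) return "path is a symbolic link";
  if (!S_ISREG(st.st_mode)) return "path is not a regular file";
  // Assumption beyond the page: the file must belong to the calling user.
  if (st.st_uid != geteuid()) return "file is owned by another user";
  // Any bit other than owner read/write (group, other, exec, setuid) fails.
  if (st.st_mode & 07777 & ~(S_IRUSR | S_IWUSR))
    return "permissions exceed owner read/write";
  if (!writable_allowed && (st.st_mode & S_IWUSR))
    return "file must be read-only";
  return "";
}

// Hypothetical helper: create the file owner-only from the first byte.
// O_EXCL fails if anything, a symlink included, already exists at path.
bool WriteOwnerOnlyFile(const std::string& path, const std::string& data) {
  int fd = open(path.c_str(), O_WRONLY | O_CREAT | O_EXCL, S_IRUSR | S_IWUSR);
  if (fd < 0) return false;
  ssize_t n = write(fd, data.data(), data.size());
  bool ok = n == static_cast<ssize_t>(data.size());  // short write is a failure
  return close(fd) == 0 && ok;
}

int main() {
  char tmpl[] = "/tmp/secure_file_demoXXXXXX";  // constructed scratch directory
  if (mkdtemp(tmpl) == nullptr) return 1;
  std::string file = std::string(tmpl) + "/token";
  if (!WriteOwnerOnlyFile(file, "constructed-secret")) return 1;
  std::string concern = CheckSecureFile(file, false);  // 0600 is not read-only
  std::printf("read-only check: %s\n", concern.c_str());
  unlink(file.c_str());
  rmdir(tmpl);
  return 0;
}
```
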
static util::Status WriteSensitiveStringToFile ( const StringPiece & data, const string & path, bool overwrite ) [static]

Writes the given data to a secure file at the specified path.

Parameters:
[in] data: The data to write is considered a binary string so will not be implicitly null terminated.
[in] path: The path to write to.
[in] overwrite: If true then overwrite any existing file at the path. Otherwise fail if a file already exists.
Returns:
ok or reason for failure to write the file.

The documentation for this class was generated from the following file: