Internal directory



  • Hi.
    I am doing a windows/linux application using qt. I need to load some files from the disk. However i do not want for other applications or users to see or use such files. Is there any way to do a kind of "private" directory where only my application can save and read files?

    @QString myPrivateDirectory (QDesktopServices::storageLocation (QDesktopServices::DataLocation));@

    gives a more obscure directory.. but not safe..

    [edit : added @ code tags, Eddy]


  • Moderators

    Welcome to devnet

    If you are reading from those files only, you could use the "resource system":http://developer.qt.nokia.com/doc/qt-4.7/resources.html
    The file information will be stored in your application. So it is probably not the best solution for larger files.


  • Moderators

    All applications run under the id of the user that started them. So if you want your application to read data, then the user can also read it. So, no, there is no safe directory on linux.

    If you have static data you can build it into your exectuable using the Qt resource system.



  • Thanks for both your answers.
    Its kind of what i was expecting..

    Is there any way to emulate a memory file system in qt?
    what i want to do is download a file from internet and store it just the time that it takes to process it. The problem is that i am using 3rd party libs and the only way to use it is by passing a char* with the filename location..


  • Moderators

    The only solution coming to my mind immediately would be a temporary file during the executation of your application. In case of a crash it may remain somewhere and is accessible to the user.



  • thanks..
    but it also leaves the problem of being accessed by external users..
    going to try this:
    http://labs.qt.nokia.com/2007/10/15/file-mapping/



  • Well, yes, there is actually, though the needed API is marked deprecated and will not be in Qt 5.

    What you could do, is create a [[doc:QAbstractFileEngine]] subclass. That would enable you to create an in-memory implementation of a file system, and use it using all the normal Qt classes.

    On Linux, another approach is that you can create a file, open it, and immediately delete it again. That way, as long your application keeps the file open, it is accessible only to your application. I don't think windows supports this trick though.



  • [quote author="ruiluis" date="1323685668"]
    what i want to do is download a file from internet and store it just the time that it takes to process it. The problem is that i am using 3rd party libs and the only way to use it is by passing a char* with the filename location..[/quote]

    It seems to me you are overestimating the problem. I suspect the file will be of a few bytes to a few kilobytes, so it will not take so much longer to parse/analyze it. If this is the case, your application could store the file with a strange name and delete it on exiting (or as soon as you want). In the case of an application crash the file could still be present somewhere, and this depends on the operating system (e.g., if the temporary file is on memory it will deleted as soon as memory is required). By the way, going with an in-memory file will not solve all your problems, since a memory dump could still occur...but as I said, I guess this is a little overestimated. Depending on the third party library you could also try to use a named pipe to pass the content of the file without having to store it locally, but again depends on the operating system and on the implementation of the library.



  • @Andre
    the QAFE subclass would not solve the problem, as it only works with Qt classes, but not with the external library that takes the const char pointer - that is not aware of the RAM disk.

    The problem in its current presentation is unsolvable. As long as your library behaves kind of "external" to Qt, you will have to pass it a const char pointer. That points to a file that must be readable by the user running the process. So any other process run by the same user can access the file too.

    And I agree with fluca1978, you either over estimate the problem or - if security is of such a big concern - saving it somewhere is the error in the first place.

    Don't waste your time in the file mapping approach. It maps existing files into memory. You will have to save to the file beforehand.



  • [quote author="Volker" date="1323695271"]@Andre
    the QAFE subclass would not solve the problem, as it only works with Qt classes, but not with the external library that takes the const char pointer - that is not aware of the RAM disk.
    [/quote]
    Right, I missed that comment. In that case, the suggestion I gave for Linux is also not going to work. You will need to solve this as the OS level, if possible, but I am not aware of process-private ram-disc implementations.

    I agree with Fluca1978: why is it so important for you that you cannot use temporary files on the normal file system that are potentialy visible to the user (and other users) of the system?



  • using the temporary files i have always the problem of being accessed by the user.. if its protected content is a bit bad.. i will try to change the 3rd party library.. if not.. temporary files...

    Thanks for your help.



  • I believe that the real problem is about leaving this files around the system for a while, so I will search for another solution like making the file hidden, place it into random destinations (to avoid the user to understand where the file is going to be saved), and so on.
    By the way, the best solution is to have the library to work with a stream, if possible.



  • I would not just save the file in random places. A determined user will find them anyway (the OS can tell you what files are used by what process). More and more platforms will constrict applications' writing permissions to certain designated directories. It is a good idea to make your application well-behaved, and prevent spreading temporary files all over the system. Who cleans them up if your application (or the system as a whole) crashes?

    I agree that the library accepting streams instead of files is best. Otherwise, you might considder encrypting the file before storing it (and having the lib able to decrypt again).



  • [quote author="Andre" date="1323702149"]I would not just save the file in random places. A determined user will find them anyway (the OS can tell you what files are used by what process). [/quote]

    Right. I was thinking about a directory tree, let say localstorage populated with random directories which contain random named files, so that it is quite difficult for a user that does not know how to use lsof (or similar) to understand where the file is. Of course, to get a possibility to clean up everything, there must be a common ancestor. But this is a kind of desperate-poor-developer solution!



  • Poorly obfuscating things is usually not worth putting too much effort in it.


  • Moderators

    Qt5 will have QTemporaryDir - maybe you should look into that area? I think the code is already in the repository.



  • Thanks.
    QTemporaryDir will create a directory that will be placed in the system temp path or the current work path.
    that is my current used/tested solution.



  • Well, as you only need a single file (or just a few files, right?), you can probably just use [[doc:QTemporaryFile]].



  • [quote author="Andre" date="1323721023"]Well, as you only need a single file (or just a few files, right?), you can probably just use [[doc:QTemporaryFile]].[/quote]

    Unfortunately, QTemporaryFile has a valid path name only as long as it's open. As soon as you close it, the path name is reset/invalid. I had problems using that together with an external library that takes const char pointers for file paths too (GraphicsMagick in that case).


Log in to reply
 

Looks like your connection to Qt Forum was lost, please wait while we try to reconnect.