file-storage: Updated Sat, 13 Aug 2022 08:42:38 GMT

Is it safe to store application files to user's temp directory?

I'm developing a Node.js library that collects data whenever user runs tests. I would like to persist the data on local disk so that after the test run, user can run a command accessing that data. The test data might potentially contain sensitive data depending on what the user is testing, such as API keys (if the user is accidentally using real API keys for testing).

My first idea was to save the files to temporary directory like this:

const tempBaseDirectory = path.join(os.tmpdir(), "my-directory");
const tempDirectory = fs.mkdtempSync(tempBaseDirectory + path.sep);

and write the files for the test run in tempDirectory. Then after the test run, I can look into tempBaseDirectory for all the files I need.

That works fine, but I'm a bit worried about security. Could other users access that data in some operating systems?

Would it be better to store the data in a folder in user home directory or in the app directory? The latter option would require the user to specifically git-ignore the files.

Solution

Direct answer

Is it safe to store application files to user's temp directory?

To the letter of your question, yes, it is safe. However, very much take the bolded part into account. Not just any temp directory, only the user's temp directory suffices because it is appropriately access controlled to only give access to the current user.

os.tmpdir() gives access to the OS' temp directory and is therefore accessible by anyone who has access to this machine. Your temp files are not private to the user! Other users can access these files as well.

But what you can do is add encryption so that the data is unusable without the correct private key. This ensures that even when someone gains access to the file with ill intent (e.g. when the machine is compromised), that they can't actually parse the data.

Caveat: admin access

Note that local admins will be able to access the files as well. This can be a compromise of the private information but this is a decision made on the OS level to allow local administrators full access to the machine. If that is unacceptable for the level of privacy you and your users are expecting, then you can't really store anything on a machine.
But then again, technically speaking you wouldn't even be able to store a multi-session bearer token on that machine either, as an admin could get access to that token if they really wanted to. In reality, users compromise their own security (e.g. storing passwords in their browser) without worrying about things like admin access.

So it's up to you. If the privacy need is high (similar to banking information), don't store anything sensitive (without encrypting it) if you want to guarantee full privacy protection for your user. If the privacy need is reasonable (not accessible by anyone except those with appropriate rights decided by whoever owns the machine), then a user's folder is sufficiently private.

If you want to err on the safe side, encryption is a good way to ensure privacy from everyone including system admins, unless your files are prohibitively large to decrypt every time you want to access them.

User responsibility

@Kayaman deserves credit for posting it first, but I do want to add it as an answer rather than a comment.

Instead of fretting about the user's privacy and how you should handle it, why not use some real life inversion of control and instead let the user choose for themselves where to store the files?

This means you no longer have to worry about it. The user can take the appropriate privacy steps that they feel is required.

You could still e.g. add a notice to the application UI that these files may contain sensitive data and urge the users to keep them safe, but the final decision lies with them and not with you.

External Links

External links referenced by this document:

https://nodejs.org/api/os.html#os_os_tmpdir

References

https://softwareengineering.stackexchange.com/questions/398812