How visible/traceable is local CSV data queried from an ASP.NET page?

Question

I want to have a page on a remote site that selects a local CSV file as a data source which outputs to a GridView. What is the format of the source data and how is it transferred to the server in this instance?

Could it be retrieved in some way from a cache or the IIS logs? The data is mildly sensitive and I'd like to know the potential risks.

Here is the query, if it makes any difference:

SELECT   [fullname]                   AS [Employee]      ,
         [reportsto]                  AS [Line manager],
         COUNT([fullname])            AS [Occasions]     ,
         ROUND(SUM([dayslost]),2)     AS [Days lost]   ,
         INT((COUNT([fullname])       *COUNT([fullname]))*SUM([dayslost])) AS [Bradford factor]
FROM     [Staff absence reasons.csv]
WHERE    UCASE([absencetype])='SELF CERTIFIED SICKNESS'
OR       UCASE([absencetype])='DOCTOR CERTIFIED SICKNESS'
GROUP BY [fullname],
         [reportsto]
ORDER BY 2 ASC,
         5 DESC;

Answer 1

It's unlikely that a cache or log would hold the content of the data - a Proxy is more likely to be able to get at it (download fiddler and see what you can get).

Probably, it would be uploaded in base64, which is trivial to decode, so anyone who can intercept the traffic could get your csv file as it's transmitted.

If you wanted to reduce the likelihood of this, you should set up SSL on the remote site (as a minimum), and you could even go so far as using a VPN between the two machines.

However, what you don't cover is where the data is stored on the server, and how it's processed...if it's left lying around in your site root, then anyone could find it.