Beefy Boxes and Bandwidth Generously Provided by pair Networks
Think about Loose Coupling
 
PerlMonks  

Re^4: Encrypt files on server and then decrypt when user downloads

by MPM (Novice)
on Oct 19, 2012 at 19:57 UTC ( #1000028=note: print w/ replies, xml ) Need Help??


in reply to Re^3: Encrypt files on server and then decrypt when user downloads
in thread Encrypt files on server and then decrypt when user downloads

I understand that it's not 100% secure, I'm just trying to add another layer, well it's not really me that wants to add it, but anyway.....also, just because they have access to the server and possibly the files, that wouldn't necessarily mean they have access to the script also. Thanks for the input though.


Comment on Re^4: Encrypt files on server and then decrypt when user downloads
Re^5: Encrypt files on server and then decrypt when user downloads
by BrowserUk (Pope) on Oct 19, 2012 at 20:03 UTC
    also, just because they have access to the server and possibly the files, that wouldn't necessarily mean they have access to the script also.

    Ah well. If the script is secure, just put the files in the same place as the script and they'll be no need to encrypt them.


    With the rise and rise of 'Social' network sites: 'Computers are making people easier to use everyday'
    Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
    "Science is about questioning the status quo. Questioning authority".
    In the absence of evidence, opinion is indistinguishable from prejudice.

    RIP Neil Armstrong

Re^5: Encrypt files on server and then decrypt when user downloads
by Illuminatus (Curate) on Oct 19, 2012 at 21:57 UTC
    I echo BrowserUK's sentiment. Put another way "put your effort into protecting access to the files, not encrypting them". Using linux for an example, you can set the directory permission of the files to only allow read for the owner or group. The 'web-server SSL' user should be the owner. If a hacker can get access as the web-SSL user (or root), then you should be concentrating on improving access security, not download security. If this is a remote-FS issue, ie the web-server mounts the FS where these files reside, and security isn't as good on that file-server, fix the security there.

    fnord

Re^5: Encrypt files on server and then decrypt when user downloads
by moritz (Cardinal) on Oct 20, 2012 at 06:23 UTC

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1000028]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others examining the Monastery: (7)
As of 2014-09-02 08:22 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    My favorite cookbook is:










    Results (20 votes), past polls