PerlMonks  

Protecting Personal Files within a Perl Website!

by Nik (Initiate)
on Jul 30, 2004 at 11:40 UTC ( [id://378647] : perlquestion )

Nik has asked for the wisdom of the Perl Monks concerning the following question:

This node falls below the community's threshold of quality. You may see it by logging in.

Replies are listed 'Best First'.
Re: Protecting Personal files
by kelan (Deacon) on Jul 30, 2004 at 12:14 UTC

    By "basic http authentication" I'm assuming you mean something like Apache's "AuthType Basic" directory restrictions.

    Well the good news is that it will require a password to access the directory. The bad news (and we're talking pretty bad) is that the user/password combination is sent back to the webserver in cleartext. Meaning anyone sniffing your connection now has a free pass into that directory by sending the same user/password combo on their own.

    An easy way around this is to use an SSL connection to your webserver, which will encrypt the traffic and prevent people from sniffing your user/password out of the ether.

    Do take note of beable's advice, however. The files will, in some sense, still be accessible to the outside world. Someone just needs to find a crack into your webserver.

Re: Protecting Personal files
by beable (Friar) on Jul 30, 2004 at 12:02 UTC

    Dude, don't put "special personal files" on a webserver. You are asking for trouble. The only stuff you should put on a webserver is stuff that you won't get upset if the whole world sees it.

Re: Protecting Personal files
by danielcid (Scribe) on Jul 30, 2004 at 12:42 UTC

    Well, does your site support SSL? By "basic http authentication", you mean a password? Can this password be transferred using SSL? If you can add a password to protect these files and this password can be sent using SSL and your web server is well configured, I think you did the necessary job to protect your files. If you are paranoid, you can also encrypt your files in the webserver (each file separately, not file system encryption)...

    -DBC
Re: Protecting Personal Files within a Perl Website!
by roju (Friar) on Jul 30, 2004 at 14:18 UTC

    Not a perl/webserver solution; but, is there anything stopping you from just using ssh to access your files? Since you seem to be particularly paranoid, you could use s/key one-time passwords. That way it doesn't matter if there's a keylogger or if someone sniffs your password. It's also way more convenient than carrying around a CDRW :).

    You can download putty from anywhere to get access.

    That said, basic http auth over ssl strikes me as being properly careful, unless the data's super sensitive.

    Update: Touched up a little.
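
Several replies above make the same point: Basic auth is acceptable only when the credentials travel over SSL. The following is an added example, not code posted by anyone in the thread. It scans Apache-style configuration text for sections that use `AuthType Basic` without mod_ssl's `SSLRequireSSL`; the paths, file names and function names are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread): one directory protected by
# Basic auth alone, one that additionally refuses non-SSL requests.
SAMPLE_CONF = """\
<Directory "/var/www/private">
    AuthType Basic
    AuthName "Private files"
    AuthUserFile /etc/apache2/htpasswd
    Require valid-user
</Directory>

<Directory "/var/www/private-ssl">
    # mod_ssl: deny any request that did not arrive over SSL
    SSLRequireSSL
    AuthType basic
    AuthName "Private files"
    AuthUserFile /etc/apache2/htpasswd
    Require valid-user
</Directory>

<Directory "/var/www/public">
    Require all granted
</Directory>
"""

SECTION = re.compile(r'<(Directory|Location)\s+"?([^">]+)"?\s*>(.*?)</\1\s*>', re.I | re.S)

def directives(body):
    """Return the lower-cased directive lines of a section, skipping comments and blanks."""
    lines = (line.strip() for line in body.splitlines())
    return [l.lower() for l in lines if l and not l.startswith("#")]

def basic_auth_without_ssl(conf_text):
    """List section paths that use AuthType Basic but never state SSLRequireSSL.

    Conservative: a section served only by an SSL virtual host is also safe,
    but this check looks for the explicit directive and does not follow nesting.
    """
    flagged = []
    for _kind, path, body in SECTION.findall(conf_text):
        d = directives(body)
        uses_basic = any(x.split() == ["authtype", "basic"] for x in d)
        requires_ssl = any(x.split()[0] == "sslrequiressl" for x in d)
        if uses_basic and not requires_ssl:
            flagged.append(path.strip())
    return flagged
```

Calling `basic_auth_without_ssl(SAMPLE_CONF)` reports only the first directory, the one whose password would cross the wire readable to anyone sniffing the connection.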
