Best way to encrypt/decrypt a file uploaded via PHP for this purpose?
I'm in the process of prototyping a file upload system for a service that needs a basic form of encryption for files uploaded by users. The files are uploaded to the same directory, in which users can download and upload files freely, and authorized users are able to delete files from the uploads.
With that in mind, I need to know the best way to encrypt these files (via crypt() or similar) for storage in a non-public-accessible directory for this purpose. I considered using the base 64 encode functions built into PHP for this, but it seemed that if someone were able to write a PHP script on the server, they could base 64 decrypt the files stored on the server, thereby rendering the encryption protection useless.
In summary, I need to know the best way to implement this (i.e. which functions or classes to use) that meets the following criteria:
- The function needs to be reversible in a way that users logged in via PHP's $_SESSION variables can decrypt the files that were encrypted.
- The encryption needs to affect all file types, whether images, text, binaries, documents, etc., and decrypting the files must yield a file identical to the file that was encrypted (i.e. header intact).
I may be worried more than necessary, but I want to make this as easy to use as possible with basic security. I'm not protecting anything particularly important such as credit card information or trade secrets, but the users I'm designing this for should have the peace of mind to know there are at least some measures in place to prevent hacking of the files they uploaded.
Base64 is not encryption.
If you want strong encryption, you'll want to think about using the gpg extension.
Then you need to consider your system architecture.
If the server needs to encrypt/decrypt the files, the key will need to be on the server, and readable by the web server process. That means if someone compromises the server, they have the access they need to decrypt the files!
Even worse, since the PHP app drives encryption/decryption, an attacker needs access to 1 of the users' accounts.
Encryption is going to save you if an attacker somehow gets access to the file storage directory, but nothing else on the server. That's an unlikely scenario.
In this case, it sounds like on-disk encryption is overkill. If the files are not directly web-accessible, that's enough. Focus instead on making sure the host system is secure (updated packages, firewall rules), and the application is secure (run under HTTPS, use best practices to defeat SQL injection and CSRF attacks, require strong passwords, etc).
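
For the reversible, byte-identical encryption the question asks about, the following is an added example (not part of the original question or answer) that uses PHP's bundled libsodium secretstream API rather than the gpg extension the answer names; the function names, chunk size and key handling are this example's assumptions. It does not change the answer's point: the key must be readable by the PHP process, so this only helps when the storage directory alone is exposed.

```php
<?php
// Added example (not from the original thread). Chunked, authenticated file
// encryption with libsodium's secretstream API, bundled with PHP 7.2+.
// CHUNK and the function names are this example's own choices.
const CHUNK = 8192;
const ABYTES = SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_ABYTES;
const HBYTES = SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_HEADERBYTES;
const TAG_FINAL = SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_FINAL;
const TAG_MESSAGE = SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_MESSAGE;

function encryptFile(string $src, string $dst, string $key): void {
    $in = fopen($src, 'rb');
    $out = fopen($dst, 'wb');
    if (!$in || !$out) throw new RuntimeException('cannot open files');
    [$state, $header] = sodium_crypto_secretstream_xchacha20poly1305_init_push($key);
    fwrite($out, $header);
    do {
        $chunk = stream_get_contents($in, CHUNK);
        // Mark the last chunk so a truncated file is rejected on decrypt.
        $tag = feof($in) ? TAG_FINAL : TAG_MESSAGE;
        fwrite($out, sodium_crypto_secretstream_xchacha20poly1305_push($state, $chunk, '', $tag));
    } while ($tag !== TAG_FINAL);
    fclose($in); fclose($out);
}

function decryptFile(string $src, string $dst, string $key): void {
    $in = fopen($src, 'rb');
    $out = fopen($dst, 'wb');
    if (!$in || !$out) throw new RuntimeException('cannot open files');
    $header = stream_get_contents($in, HBYTES);
    if (strlen($header) !== HBYTES) throw new RuntimeException('file too short');
    $state = sodium_crypto_secretstream_xchacha20poly1305_init_pull($header, $key);
    do {
        $res = sodium_crypto_secretstream_xchacha20poly1305_pull($state, stream_get_contents($in, CHUNK + ABYTES));
        if ($res === false) throw new RuntimeException('modified, truncated, or wrong key');
        [$plain, $tag] = $res;
        fwrite($out, $plain);
    } while ($tag !== TAG_FINAL);
    fclose($in); fclose($out);
}

// Round trip on constructed binary data. In a deployment the key would be read
// from a file outside the web root (assumption), readable by the PHP process.
$key = sodium_crypto_secretstream_xchacha20poly1305_keygen();
$plain = tempnam(sys_get_temp_dir(), 'pt');
file_put_contents($plain, random_bytes(20000));
encryptFile($plain, "$plain.enc", $key);
decryptFile("$plain.enc", "$plain.dec", $key);
var_dump(hash_file('sha256', $plain) === hash_file('sha256', "$plain.dec"));
array_map('unlink', [$plain, "$plain.enc", "$plain.dec"]);
```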