On Tue, 2005-02-15 at 14:00, Richard Lynch wrote:
> Matt M. wrote:
> >> I have a database that contains encrypted data using Mysql function
> >> ENCODE(). Certain users will be allowed to view this data and I will
> >> allow them to download a CSV file containing the decrypted data using
> >> the Mysql DECODE() function. However I don't want this file to be left
> >> on the server, is there a way to ensure that the file is deleted
> >> immediately after it has been downloaded?
> >
> > http://us4.php.net/unlink
> 
> PS If the data is REALLY sensitive, you may want to look into command line
> tools to actually ERASE the data instead of just doing unlink.
> 
> 'unlink' only nukes the directory information to find the file.  The file
> contents still exist, intact, and there are tools to mine un-linked files
> to find content.
> 
> Hard Drive forensics experts can even manage to retrieve over-written
> files based on some very very very expensive/hard analysis of the magnetic
> fields -- Sort of like reading through scratched out stuff on paper by
> holding it up to the light, only a lot more technical and a lot more
> expensive...  It's unlikely you need to worry about *THAT* though, as I
> understand it...
> 

As Richard pointed out the unlink will leave the data on the disk but
simply remove the directory pointers to it.  If physical security of the
box is an issue then overwriting the file with random data and then
unlinking it might be a decent solution.  If a file is opened for
writing I suspect it depends on the operating system as to whether the
same disk blocks are used so overwriting a file might not actually
overwrite the data on the disk.  It should, however, at least change the
directory entry enough that someone with access to the box will not be
able to use a simple undelete utility to retrieve the file.

Bret

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
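
The overwrite-then-unlink approach suggested in the reply above, as an added example that is not part of the original thread. The function name `overwrite_and_unlink` and the sample CSV contents are hypothetical; `fsync()` is only called where the PHP build provides it (PHP 8.1+).

```php
<?php
// Added example (not from the thread). overwrite_and_unlink() is a
// hypothetical helper name; the temp file below is constructed sample data.
function overwrite_and_unlink(string $path, int $chunk = 65536): bool
{
    clearstatcache(true, $path);
    // Refuse symlinks and non-regular files so only the export itself is touched.
    if (is_link($path) || !is_file($path)) {
        return false;
    }
    // 'r+b' opens for read/write WITHOUT truncating. Modes such as 'w' would
    // truncate first and release the old blocks before anything is overwritten.
    $fh = fopen($path, 'r+b');
    if ($fh === false) {
        return false;
    }
    $ok = flock($fh, LOCK_EX);
    $remaining = fstat($fh)['size'];
    while ($ok && $remaining > 0) {
        $n = min($chunk, $remaining);
        $written = fwrite($fh, random_bytes($n));
        if ($written === false || $written === 0) {
            $ok = false;
            break;
        }
        $remaining -= $written;
    }
    // Push the random data out of PHP's buffer and, where available, out of
    // the OS cache. Whether it lands on the same disk blocks still depends on
    // the operating system and filesystem, as noted in the reply above.
    $ok = $ok && fflush($fh);
    if ($ok && function_exists('fsync')) {
        $ok = fsync($fh);
    }
    fclose($fh);
    // Unlink even if the overwrite failed, but report the failure to the caller.
    return unlink($path) && $ok;
}

// Constructed sample: a throwaway CSV standing in for the decrypted export.
$tmp = tempnam(sys_get_temp_dir(), 'csv');
file_put_contents($tmp, "id,secret\n1,constructed-sample\n");
var_dump(overwrite_and_unlink($tmp), file_exists($tmp));
```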
