Ian, I do understand that if the files aren't encrypted that they could potentially be viewed/copied by those with access to the servers on which they reside, whether on the file system or in the db. What I don't have from the client, and I don't think I'll be able to get a definitivee answer, is the required level of security. I don't know whether or not they want these files to be unreadable by personnel administering the servers. I'll definitely ask that question.
Essentially, I have to make a case for the approach I'm going to propose. I would rather not store the docs in a database, but if there aren't major performance issues with this approach then maybe I will do it that way. I would also rather not encrypt the docs and then decypt them while viewing. I will push the client for an answer to that. What's your take on the performance issues here? Do you think the increased overhead involved with decryption of documents when a user chooses to view potentially 50+ documents at one time in a browser (if that's possible) will seriously affect app performance? For this scenario, do you think the file system approach is better than the db approach? Thanks, Peter > Maybe I just don't understand the difference between the security > provided by SSL and the additional security that encrypting the files > and then storing them in the db will provide. > > SSL will only provide encryption of the data while it is in transit > from your server to the client server. Encrypting the documents > either on the file system or in a database may provide protection > against other personal that may have access to the computer system(s) > storing the documents. These two options provide protection at > different points. > > > -------------- > Ian Skinner > Web Programmer > BloodSource > www.BloodSource.org > Sacramento, CA > > --------- > | 1 | | > --------- Binary Soduko > | | | > --------- > > "C code. C code run. Run code run. Please!" > - Cynthia Dunning > > Confidentiality Notice: This message including any > attachments is for the sole use of the intended > recipient(s) and may contain confidential and privileged > information. Any unauthorized review, use, disclosure or > distribution is prohibited. If you are not the > intended recipient, please contact the sender and > delete any copies of this message. > > ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Message: http://www.houseoffusion.com/lists.cfm/link=i:4:241964 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
