> Behalf Of Sid Gudes wrote: > Subject: Re: Deleting - and shredding - a file > To: Borland's Delphi Discussion List > > I don't know if tMemoryStream.SaveToFile will overwrite the existing > file (should be OK) or create a new file and rename the old one (not > OK).
It overwrites the file (it actually tells the OS to overwrite the file). There's no guarantee that the OS will write the file to disk using exactly the same sectors on disk, so there's a chance this overwritten file will not overlap the old file 100% percent. I noticed this behavior while trying to recover lost files using a direct disk access technique: I *always* find more than one copy of the file on disk, but I never copied the file from one place to the other (so there should only be one copy). > Below is a thread discussing this. Depending on the level of > security you need, you can overwrite once (good enough for anyone who > tries to read your hard disk via software) or 3 times with different > patterns (in case you're afraid someone will extract your hard disk > platters and use special hardware to try to recover the deleted data; > I don't believe HIPAA requires this, but I haven't read the fine print > :-) ). (wish I was better organized and had a link to the article I extracted the stuff below). HDD makers have/used to have (have sounds more plausible) a device to test the quality of an overwritten bit on a hard drive. That is, see how good the writing head is. Because the writing head is not 100% perfect there's a chance to guess what the bit value was before the new bit was written. Form the existence of this device it has been extrapolated that there might be a device that reads the "raw" platters of a HDD and determine what was there before the stuff was overwritten. This is purely speculative as there's no evidence to this device's existence (if there was such a device I'm sure "data recovery" companies would have it and advertise it). Now I'm not saying writing data 3 times to the file is a bad thing: That might force the OS to overlap more of the original file and get better performance because of that. > http://groups.google.com/group/borland.public.delphi.objectpascal/brows > e_thread/thread/3ec29ee113bd34fa/bab49ebf426f58d9%23bab49ebf426f58d9 > > At 05:55 AM 11/12/2007, Rob Cameron wrote: > >In a current project I'm required to detect a text file in a folder, > >encrypt it and send it to a recipient. No problem; I'll use LockBox > for > >the encryption. The files contain health data which may be sensitive > and > >after confirming receipt of the data, the files should be deleted from > >the folder. The customer has also asked that the files should be > >shredded. A professional disk recovery exercise is unlikely, but they > >do want to avoid a deleted file being recovered if one of their > laptops > >is lost or stolen. > > > >I don't know enough about how Windows handles files: would it be > enough > >to overwrite the file, maybe something like the code below? This > relies > >on Windows saving the file(s) in exactly the same locations on disk > and > >I suspect this will not always be the case. Does anyone know of a > >better way, or a component that will shred a file from within a Delphi > app? > > > >Many thanks for all suggestions, > > > >Rob > > > > > >procedure OverWriteandDelete(FileName: string; N: integer); > >// Overwrite a file N times then delete it > >// File2String(FileName) and String2File are taken from "ExeMod" > written > >by G.A. Carpenter > >// (see below) > >var > > TempString: string; > > k: integer; > >C: char; > >begin > > TempString := File2String(FileName); > > > > // overwrite the file N times, saving to disk each time > > for k := 1 to N do > > begin > > C := chr(65 + random(50)); > > String2File(StringOfChar(C, length(TempString)), FileName); > > end; > > > > // empty the string in memory > > ZeroMemory(@TempString, SizeOf(TempString)); > > > > // delete the file from disk > > DeleteFile(FileName); > >end; > > > >// These two methods are taken from "ExeMod" written by G.A. > Carpenter: > > > >//This code can write any string to disk as a file > >procedure String2File(String2BeSaved, FileName: string); > >var > > MyStream: TMemoryStream; > >begin > > if String2BeSaved = '' then exit; > > SetCurrentDir(ExtractFilePath(Application.ExeName)); > > MyStream := TMemoryStream.Create; > > try > > MyStream.WriteBuffer(Pointer(String2BeSaved)^, > Length(String2BeSaved)); > > MyStream.SaveToFile(FileName); > > finally > > MyStream.Free; > > end; > >end; > > > >//This code can read any file from disk and into a string: > >function File2String(FileName: string): string; > >var > > MyStream: TFileStream; > > MyString: string; > >begin > > MyStream := TFileStream.Create(FileName, fmOpenRead > > or fmShareDenyNone); > > try > > MyStream.Position := 0; > > SetLength(MyString, MyStream.Size); > > MyStream.ReadBuffer(Pointer(MyString)^, MyStream.Size); > > finally > > MyStream.Free; > > end; > > Result := MyString; > >end; > >_______________________________________________ > >Delphi mailing list -> [email protected] > >http://lists.elists.org/cgi-bin/mailman/listinfo/delphi > > Regards, > Sid Gudes > PIA Systems Corporation > [EMAIL PROTECTED] > > > _______________________________________________ > Delphi mailing list -> [email protected] > http://lists.elists.org/cgi-bin/mailman/listinfo/delphi _______________________________________________ Delphi mailing list -> [email protected] http://lists.elists.org/cgi-bin/mailman/listinfo/delphi
