I thought of encryption (although not AES, which from what I hear the U.S. Government has a back door into), but wouldn't that be about as slow as storing it in the database? Maybe slightly faster, but still, if you have to decrypt the file each time someone wants to access it then unless you are decrypting the file entirely to memory (which, for a file the size of a DVD would burn even 64GB relatively quickly when it comes to simultaneous users) you still have to read the encrypted version and write the decrypted version to disk. And then in the event of an aborted download, where readfile() didn't finish reading the whole file, wouldn't execution stop, leaving the unencrypted file? Or would the script continue to execute even when the socket it's writing everything to is closed? This is an area of PHP I have never delved into that closely, so I'm honestly a bit puzzled. :)

And I'm confused about the idea of writing outside of webroot. My understanding of webroot is that it's simply where Apache looks for files that are not part of any separate dedicated path, and beyond that have no effect. If someone managed to break into a shell from Apache, wouldn't they still see the normal root file system? Unless it was chrooted of course. But that would mean, I think, that I'd have to store the files inside the chroot jail. After all, PHP is being called by Apache, so wouldn't it inherit Apache's chroot?

Thanks folks!

--- Dan

On Thu, May 30, 2013 at 12:56 AM, S. Dale Morrey <[email protected]> wrote:

> You could store the file AES encrypted, then store the key in the
> database. It would then take much more than casual browsing for even
> someone with root to view the files.
>
>
> On Wed, May 29, 2013 at 2:14 PM, Daniel C. <[email protected]> wrote:
>
> > On Mon, May 27, 2013 at 4:59 AM, Dan Egli <[email protected]> wrote:
> > > He has said that he is paranoid about people being able to gain access to
> > > the content from outside the web page.
> >
> > As other people have pointed out, storing files inside of the database
> > does not make his files more secure. In fact, I would argue that it
> > creates additional security flaws - if you accidentally introduce an
> > opportunity for an SQL injection attack, someone could potentially
> > access anything in your DB via the web.
> >
> > I'm not sure how you can allow the web server access to the files
> > without also granting access to anyone with root on the machine, but
> > there's got to be a better way than dropping them all in the DB.
> >
> > -Dan
> >
> > /*
> > PLUG: http://plug.org, #utah on irc.freenode.net
> > Unsubscribe: http://plug.org/mailman/options/plug
> > Don't fear the penguin.
> > */
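
Added example, not part of the thread or any poster's code: the message above asks whether decrypting per download means writing a decrypted copy to disk or holding the whole file in memory. This sketch decrypts in fixed-size chunks straight to the output stream, so neither happens and an aborted download leaves no plaintext behind. It uses libsodium's secretstream (XChaCha20-Poly1305, PHP 7.2+) instead of AES; the chunk size, function names and inline key are assumptions.

```php
<?php
// Added example, not from the thread; CHUNK, function names and the inline key are assumptions.
const CHUNK = 65536; // plaintext bytes per encrypted chunk
const TAG_FINAL = SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_FINAL;

// Encrypt $src to $dst chunk by chunk; the last chunk is tagged FINAL so truncation is detectable.
function encrypt_file(string $src, string $dst, string $key): void
{
    $in = fopen($src, 'rb');
    $out = fopen($dst, 'wb');
    [$state, $header] = sodium_crypto_secretstream_xchacha20poly1305_init_push($key);
    fwrite($out, $header);
    do {
        $plain = (string) stream_get_contents($in, CHUNK);
        $tag = feof($in) ? TAG_FINAL : SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_TAG_MESSAGE;
        fwrite($out, sodium_crypto_secretstream_xchacha20poly1305_push($state, $plain, '', $tag));
    } while ($tag !== TAG_FINAL);
    fclose($in); fclose($out);
}

// Decrypt $src into $sink one chunk at a time: peak memory is one chunk, no plaintext file exists.
function stream_decrypted(string $src, $sink, string $key): int
{
    $in = fopen($src, 'rb');
    $header = stream_get_contents($in, SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_HEADERBYTES);
    $state = sodium_crypto_secretstream_xchacha20poly1305_init_pull($header, $key);
    $sent = 0;
    do {
        $box = (string) stream_get_contents($in, CHUNK + SODIUM_CRYPTO_SECRETSTREAM_XCHACHA20POLY1305_ABYTES);
        $res = sodium_crypto_secretstream_xchacha20poly1305_pull($state, $box);
        if ($res === false) {
            throw new RuntimeException('chunk failed authentication or file is truncated');
        }
        [$plain, $tag] = $res;
        $sent += fwrite($sink, $plain);
    } while ($tag !== TAG_FINAL && !connection_aborted()); // stop early if the client went away
    fclose($in);
    return $sent;
}

// Demo on constructed random data: encrypt, stream-decrypt into memory, compare.
$key = sodium_crypto_secretstream_xchacha20poly1305_keygen(); // the thread suggests storing this in the DB
[$pt, $ct] = [tempnam(sys_get_temp_dir(), 'pt'), tempnam(sys_get_temp_dir(), 'ct')];
file_put_contents($pt, random_bytes(3 * CHUNK + 123));
encrypt_file($pt, $ct, $key);
$sink = fopen('php://memory', 'w+b');
$n = stream_decrypted($ct, $sink, $key);
rewind($sink);
var_dump($n === filesize($pt), stream_get_contents($sink) === file_get_contents($pt));
unlink($pt); unlink($ct);
```

In a web handler the sink would be `fopen('php://output', 'wb')` in place of the in-memory stream used for the demo.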
