I'm setting up a wiki for a client who is very concerned about his information remaining secure... the site will only be accessible via SSL, and only to logged-in users who have previously passed a security check.
The trouble is, the site is hosted on a GoDaddy shared server, where the only way to access the files is FTP. I'm concerned that the FTP password could be intercepted and all the stored data -- which is unencrypted on the server -- downloaded in minutes. I just got off the phone with GoDaddy, and setting up SCP or SFTP is not an option for their shared servers, only for the virtual private ones which cost 3x more. So we're looking at changing the FTP password each time we use it, which is a hassle and doesn't protect the actual data from being intercepted during FTP transfer, should the client want to back it up off-site. Clearly if he is serious about security, a different host or the more expensive hosting account is the only real solution, and I'll advise him of that. However... my question is, has anyone looked into writing an encrypted pagestore, so that if wiki page files were downloaded or intercepted it would not be immediately obvious what they were or how to decrypt them? I'm not very knowledgeable about encryption... what routine would be most useful for such a purpose? Is this even a worthwhile venture? Thanks in advance! --Ben _______________________________________________ pmwiki-devel mailing list pmwiki-devel@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-devel
