encrypting files

uploadchest

New Member
YetiShare User
Oct 28, 2012
45
0
0
United States
all files uploaded and downloaded should go through an encrypting and decrypting process so the files cannot be stolen off the server, and that governments cant go through users files illegally.
 

ysmods

New Member
Jan 29, 2013
860
1
0
UK
www.ysmods.com
Encryption will not stop a government from viewing the content of the files, all they would have to do is buy a copy of the script to view the encryption/decryption functions and run the files through the decryption routines.

You can store files outside the /public_html/ or /htdocs/ directory, that will stop files from being "stolen". It will make the files only accessible via the download links.
 

adam

Administrator
Staff member
Dec 5, 2009
2,046
108
63
Plus make sure you've got an .htaccess with 'deny from all' in it in your files/ folder.

We could build in encryption but as yetisharemods says it would be difficult to stop someone decrypting them if they were determined to. You could encrypt them using a key but that key still needs to be stored somewhere in the code/database, which means someone with access to it can still decode it.

I really like the idea of having it as an option but I can't see how it can be done properly at the moment.
 

uploadchest

New Member
YetiShare User
Oct 28, 2012
45
0
0
United States
I understand what you're all saying. The encryption usually occurs with a salt, so the government wont be able to decrypt the files without the correct salt, and that could just be about anything. It's just a tip, though.
 

ysmods

New Member
Jan 29, 2013
860
1
0
UK
www.ysmods.com
I know what you're saying about the salt, but if the government wanted to decrypt the files, they would.

It's far better to respond to DMCA requests quickly and remove the files.
 

shopping1782

New Member
YetiShare User
Wurlie User
Reservo User
Sep 12, 2012
97
0
0
I think it's basically same thing as been requested (or offered?) here: http://forum.mfscripts.com/viewtopic.php?f=28&t=766

I think the only viable option here is megaupload-like which means encrypt the files via JavaScript (is it JS?) in client's browser and provide him with a private key.