all files uploaded and downloaded should go through an encrypting and decrypting process so the files cannot be stolen off the server, and that governments cant go through users files illegally.
encrypting files
- Thread starter uploadchest
- Start date
Encryption will not stop a government from viewing the content of the files, all they would have to do is buy a copy of the script to view the encryption/decryption functions and run the files through the decryption routines.
You can store files outside the /public_html/ or /htdocs/ directory, that will stop files from being "stolen". It will make the files only accessible via the download links.
You can store files outside the /public_html/ or /htdocs/ directory, that will stop files from being "stolen". It will make the files only accessible via the download links.
Plus make sure you've got an .htaccess with 'deny from all' in it in your files/ folder.
We could build in encryption but as yetisharemods says it would be difficult to stop someone decrypting them if they were determined to. You could encrypt them using a key but that key still needs to be stored somewhere in the code/database, which means someone with access to it can still decode it.
I really like the idea of having it as an option but I can't see how it can be done properly at the moment.
We could build in encryption but as yetisharemods says it would be difficult to stop someone decrypting them if they were determined to. You could encrypt them using a key but that key still needs to be stored somewhere in the code/database, which means someone with access to it can still decode it.
I really like the idea of having it as an option but I can't see how it can be done properly at the moment.
I understand what you're all saying. The encryption usually occurs with a salt, so the government wont be able to decrypt the files without the correct salt, and that could just be about anything. It's just a tip, though.
I know what you're saying about the salt, but if the government wanted to decrypt the files, they would.
It's far better to respond to DMCA requests quickly and remove the files.
It's far better to respond to DMCA requests quickly and remove the files.
I think it's basically same thing as been requested (or offered?) here: http://forum.mfscripts.com/viewtopic.php?f=28&t=766
I think the only viable option here is megaupload-like which means encrypt the files via JavaScript (is it JS?) in client's browser and provide him with a private key.
I think the only viable option here is megaupload-like which means encrypt the files via JavaScript (is it JS?) in client's browser and provide him with a private key.