Securing files
Roy Smith
roy at panix.com
Wed Feb 23 15:07:31 EST 2011
In article <mailman.351.1298490632.1189.python-list at python.org>,
"Timothy W. Grove" <tim_grove at sil.org> wrote:
> The problem isn't so much the database itself, as I can think of a
> number of way to encrypt the data it contains, but some of the data is
> simply names of image and video files contained elsewhere in the
> file-system. Is there anyway to prevent a user from simply opening up
> the file-system from outside of the application and viewing the files?
> One way that I can think of would be to encode the image/video files as
> BLOBS and store them in the database itself, but apart from that option,
> can anyone suggest other ways?
You could have your application create one-time URLs for the images,
something like http://host.com/image/xxx/yyy, where xxx is a string
identifying the particular image and yyy is a cryptographic key encoding
not just xxx, but also a timestamp, and maybe a session key or a cookie
identifying the client. The image URL is thus good for only a small
time window, for a specific client.
Naturally, you need to move the media files to someplace where they are
not externally visible. And write the code to generate and check the
crypto keys. You *could* store them as database blobs, but just moving
them out of the externally visible directory tree would be easier, more
efficient, and just as secure.
None of this, of course, has anything to do with Python.
More information about the Python-list
mailing list