Welcome Guest, Not a member yet? Register   Sign In
File encryption / decription in CodeIgniter

[eluser]Birger Eelen[/eluser]

I'm fairly new to CodeIgniter but I like the flexibility which allows me to code faster and better!

I am building an application where users can upload their files to the server and download them when they want. I'd like to add some security so I encrypted the filename and the reference to the database.

However, a full textsearch on the server will still reveal the file, so I want the files to be encrypted when uploading and decrypted when downloading. Is this possible with CodeIgniter? I've seen the Encryption Class but that's limited to strings.



What do mean by 'full text search'? You have an online function that allows searching the filesystem? That doesn't seem save to me.

If you need this feature, simply store uploaded files outside the docroot, and use a controller method to facilitate the download.

[eluser]Birger Eelen[/eluser]
What I forgot to mention is the application will be hosted on a private server, accessible by the IT administrator. So basically, he can access all the files on the server and therefore run an application searching all the files, including their contents.

So what I'd like to do is add an encryption the files cannot simply be viewed on the server. I know there are desktop applications available for this kind of things, but I was wondering if CodeIgniter has an similar functionality.

I am also aware that encryption isn't bullet proof, but I'd simply like to add extra security.

Ok, so you don't trust the administrator?

A decent administrator will also have access to the PHP source, one line extra will save the entered passwords to disk, and the database will provide him(or her) with all other info needed. A little application level encryption wouldn't stop him (or her).

Sounds like a completely different problem, one you shouldn't try to solve in code. Instead, sack the dude!

[eluser]Birger Eelen[/eluser]
OK OK, I completely agree that the admin will have access to the PHP file.

They way I worked now (it isn't perfect, I know) is when I upload the file, I give it a random filename (a hashed microtime). This filename is encrypted and stored in the database. The link to the file is also encrypted, so without opening the file you cannot guess which file it is.

So let's say this is secure enough (unless the admin has lots of time to spare and digg in the code itself), but when the admin simply opens a file (or does a search), he can easily find info he shouldn't see. Therefore I want to know if it's possible to add (basic) file encryption / decryption so this is an extra 'hurdle' for the admin.

I can't think of any 'binary' solution for PHP that can encrypt/decrypt files without loading them completely in memory. And doing it in code will prove to be extremely slow I',m afraid.

Do you have shell access on this private server? If so, you could use GnuPG as a Q&D workaround...

An other alternative is use EncFS, and have the filesystem encrypt them on the fly when you save them.

[eluser]Birger Eelen[/eluser]
Thanks for the feedback.

I don't know if I have shell access, if I do, is this something I can do from my PHP code? (shell_exec or something like that).

I am afraid of the memory usage, as lots of users will share lots of files (currently +1.000 users with +25.000 files.

You can also do it via cron in the background.

Have the files uploaded to a temporary location, and do not publish them directly after upload. Use a cron script to poll this directory, use GnuPG to encrypt them and store the encrypted versions in their final destination. Then start a piece of commandline PHP which updates the published state of the file, so it's available for download. Offcourse, for downloads the decryption has to be realtime. And that might be a factor too, your download request shouldn't timeout.

Any idea of the volume of uploads and downloads, lets say per hour? And the CPU specs and current load of this private server? I'm not afraid of memory (unless you're really short), but encryption/decryption can use lots of CPU. For that reason my Apache reverse proxies all use hardware offloaders for SSL.

Read this article, it's about what Wan W. has just said: http://devzone.zend.com/article/1265

I wanna encrypt(/decrypt) some personal files for users, because of they can reach those files, from everywhere, but can open it without authentication.
But they have limited quota, but DB is unlimited, that's the answer.

Thank you!

Theme © iAndrew 2016 - Forum software by © MyBB