--- Ben Stallings <[EMAIL PROTECTED]> wrote: ... > However... my question is, has anyone looked into > writing an encrypted > pagestore, so that if wiki page files were > downloaded or intercepted it > would not be immediately obvious what they were or > how to decrypt them?
Let me try to understand your threat model a little better. This model will help suggest a solution. Are you concerned with an attacker: 1) who can sniff your ftp transfer of these files (sounds like yes?) 2) who can sniff your ftp password and therefor even access the files once they are on the server (sounds like yes also?) 3) who has root access on the server (i.e. godaddy sysadmins?) -If you are only concerned with #1 there are ways of encrypting the files before transferring them and decrypting them afterwards allowing you to use unencrypted ftp. -If you are only concerned with #1 and #2, an encrypted pagestore which is decrypted on the fly with the browsing user's password would be helpful to you. There is a PITS for this here: http://pmwiki.org/wiki/PITS/00545 This is conceivably possible, the hard part as mentioned in the PITS is managing the keys. I actually began work on such a project last summer and got to the point of being able to encrypt and decrypt the pagestore. I did not get very far in the key management area though, I was planning on implementing the key management scheme that I proposed at the bottom of the PITS page. I could provide my code if you are interested in finishing the project, or hiring me or someone else to finish it. :) -If you are concerned with all three of these threats then you are probably SOL since a root user can always access memory to view the decrypted content of the files when they are being decrypted for on the fly viewing. Good luck, -Martin ____________________________________________________________________________________ Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now. http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ _______________________________________________ pmwiki-devel mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-devel
