FUDforum: comp.lang.php

Home » Imported messages » comp.lang.php » Nested PHP

Show: Today's Messages :: Polls :: Message Navigator

Re: Nested PHP [message #184853 is a reply to message #184850]

Tue, 11 February 2014 15:10

Jerry Stuckle
Messages: 2598
Registered: September 2010

Karma:

Senior Member

On 2/11/2014 9:31 AM, Adrian Tuddenham wrote:
> Jerry Stuckle <jstucklex(at)attglobal(dot)net> wrote:
>
> [...]
>> My main question here would be - what are you trying to accomplish by
>> having files encrypted on your server. Since the decryption code is
>> right in plain sight, encrypting the files adds no security. If they
>> can get to your raw files, they can get to your decryption code.
>
> I'm not trying to produce a high-security system, just something which
> deters the casual user from downloading PDFs that members of the group
> have paid their membership fee to receive. I doubt if anyone wants to
> go to all the trouble of decrypting a PDF file in order to avoid paying
> £7.50
>

First of all, you don't need to go to all the trouble of encrypting a
pdf to make it unavailable to the casual user. Just place the file
outside of your document_root hierarchy and download it with PHP.

Second, it's still no security. Once someone has the pdf, they can make
and send all the copies they want.

> I am a bit worried by your statement that the decryption code is in
> plain sight, how can that be protected better than it already is? The
> filename in the GET of the link url is also encrypted (very crudely) so,
> although it is in plain view, it wouldn't lead the hacker directly to
> the encrypted PDF file.
>

That's correct. Anyone who can access your source files can see the
decryption code.

What you have is security by obfuscation - which is only the illusion of
security. And you're going to a whole lot of unnecessary work to get it.

>>
>> And in any case, the decrypted page (along with images, etc.) is
>> available at the browser just as soon as someone requests it.
>
> That 'someone' would have to be a member and they could equally well
> send their password to a friend. There is a download log which should
> alert me if something untoward is happening through the password system.
>

But if they send the file to their pals (or post it on another website),
you would never know.

>
>> I think your whole approach needs rethinking.
>
> I agree it isn't suitable for a high security website, it is just making
> the best of a "Topsy".
>
>

It's not even suitable for a low security website.

--
==================
Remove the "x" from my email address
Jerry Stuckle
jstucklex(at)attglobal(dot)net
==================

Report message to a moderator

[Message index]

		Nested PHP By: adrian on Mon, 10 February 2014 20:24
		Re: Nested PHP By: Jerry Stuckle on Mon, 10 February 2014 20:56
		Re: Nested PHP By: adrian on Mon, 10 February 2014 21:44
		Re: Nested PHP By: Jerry Stuckle on Mon, 10 February 2014 21:51
		Re: Nested PHP By: Peter H. Coffin on Tue, 11 February 2014 14:14
		Re: Nested PHP By: Jerry Stuckle on Tue, 11 February 2014 14:27
		Re: Nested PHP By: Peter H. Coffin on Wed, 12 February 2014 00:41
		Re: Nested PHP By: Jerry Stuckle on Wed, 12 February 2014 01:03
		Re: Nested PHP By: adrian on Wed, 12 February 2014 10:13
		Re: Nested PHP By: Tim Streater on Wed, 12 February 2014 10:33
		Re: Nested PHP By: Jerry Stuckle on Wed, 12 February 2014 11:30
		Re: Nested PHP By: adrian on Wed, 12 February 2014 12:52
		Re: Nested PHP By: The Natural Philosoph on Wed, 12 February 2014 13:11
		Re: Nested PHP By: Denis McMahon on Thu, 13 February 2014 06:55
		Re: Nested PHP By: Peter H. Coffin on Thu, 13 February 2014 18:02
		Re: Nested PHP By: Stefan+Usenet on Wed, 12 February 2014 12:14
		Re: Nested PHP By: The Natural Philosoph on Mon, 10 February 2014 22:09
		Re: Nested PHP By: Christoph Michael Bec on Mon, 10 February 2014 22:23
		Re: Nested PHP By: Tim Streater on Mon, 10 February 2014 22:27
		Re: Nested PHP By: Geoff Muldoon on Mon, 10 February 2014 22:30
		Re: Nested PHP By: Denis McMahon on Mon, 10 February 2014 23:06
		Re: Nested PHP By: Jerry Stuckle on Tue, 11 February 2014 01:46
		Re: Nested PHP By: adrian on Tue, 11 February 2014 10:11
		Re: Nested PHP By: Tim Streater on Tue, 11 February 2014 11:17
		Re: Nested PHP By: adrian on Tue, 11 February 2014 12:01
		Re: Nested PHP By: Tim Streater on Tue, 11 February 2014 12:45
		Re: Nested PHP By: Christoph Michael Bec on Tue, 11 February 2014 12:55
		Re: Nested PHP By: Denis McMahon on Tue, 11 February 2014 13:29
		Re: Nested PHP By: adrian on Tue, 11 February 2014 14:31
		Re: Nested PHP By: Denis McMahon on Tue, 11 February 2014 17:24
		Re: Nested PHP By: Jerry Stuckle on Tue, 11 February 2014 13:15
		Re: Nested PHP By: adrian on Tue, 11 February 2014 14:31
		Re: Nested PHP By: Jerry Stuckle on Tue, 11 February 2014 15:10
		Re: Nested PHP By: adrian on Tue, 11 February 2014 15:31
		Re: Nested PHP By: Jerry Stuckle on Tue, 11 February 2014 16:24
		Re: Nested PHP By: adrian on Wed, 12 February 2014 10:13
		Re: Nested PHP By: Jerry Stuckle on Wed, 12 February 2014 11:33
		Re: Nested PHP By: Ben Bacarisse on Tue, 11 February 2014 15:26
		Re: Nested PHP By: Ben Bacarisse on Tue, 11 February 2014 14:41
		Re: Nested PHP By: adrian on Tue, 11 February 2014 15:31
		Re: Nested PHP By: Ben Bacarisse on Tue, 11 February 2014 15:53
		Re: Nested PHP By: Jerry Stuckle on Tue, 11 February 2014 16:26
		Re: Nested PHP By: bill on Tue, 11 February 2014 12:12
		Re: Nested PHP By: Mr Oldies on Wed, 12 February 2014 14:33
		Re: Nested PHP By: Denis McMahon on Thu, 13 February 2014 06:47
		Re: Nested PHP By: Scott Johnson on Thu, 13 February 2014 13:01
		Re: Nested PHP By: Evan Platt on Fri, 14 February 2014 15:19
		Re: Nested PHP By: Scott Johnson on Fri, 14 February 2014 18:43
		Re: Nested PHP By: Arno Welzel on Sun, 02 March 2014 14:54
		Re: Nested PHP By: adrian on Sun, 02 March 2014 18:10
		Re: Nested PHP By: The Natural Philosoph on Mon, 03 March 2014 11:38
		Re: Nested PHP By: Arno Welzel on Mon, 17 March 2014 14:26
		Re: Nested PHP By: Jerry Stuckle on Mon, 17 March 2014 14:52
		Re: Nested PHP By: The Natural Philosoph on Mon, 17 March 2014 15:33
		Re: Nested PHP By: Peter H. Coffin on Mon, 17 March 2014 22:10
		Re: Nested PHP By: The Natural Philosoph on Mon, 17 March 2014 23:01
		Re: Nested PHP By: Christoph Michael Bec on Mon, 17 March 2014 23:31
		Re: Nested PHP By: The Natural Philosoph on Tue, 18 March 2014 13:10
		Re: Nested PHP By: Gabriel on Mon, 17 March 2014 15:18

Previous Topic:	Filling an array with random input doesn't quite work
Next Topic:	string length

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Sun Nov 24 00:39:49 GMT 2024

Total time taken to generate the page: 0.04037 seconds