Secure Delete in PHP

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
jasonlfunk
Forum Newbie
Posts: 5
Joined: Sun Oct 18, 2009 7:22 pm

Secure Delete in PHP

Post by jasonlfunk »

I want to overwrite a file with random data before deleting it to improve security a little. Does the following code do that?

Code: Select all

 //whipe the file
        $fs = filesize($uploaded_file);
        //write over the file with random characters 5 times
        for($i=0;$i<5;$i++)
        {
                $fh = fopen($uploaded_file,"w");
                mt_srand();
                for($i=0;$i<$fs;$i++)
                {
                        fwrite($fh,chr(mt_rand(65,90)));
                }
                fclose($fh);    
        }
        unlink($uploaded_file);
I guess my question is how PHP is implemented. Does fopen(file,"w") put the file pointer actually at the beginning of the file in memory?
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: Secure Delete in PHP

Post by VladSun »

http://www.php.net/manual/en/function.fopen.php
PHP Manual wrote:mode Description
'r' Open for reading only; place the file pointer at the beginning of the file.
'r+' Open for reading and writing; place the file pointer at the beginning of the file.
'w' Open for writing only; place the file pointer at the beginning of the file and truncate the file to zero length. If the file does not exist, attempt to create it.
'w+' Open for reading and writing; place the file pointer at the beginning of the file and truncate the file to zero length. If the file does not exist, attempt to create it.
'a' Open for writing only; place the file pointer at the end of the file. If the file does not exist, attempt to create it.
'a+' Open for reading and writing; place the file pointer at the end of the file. If the file does not exist, attempt to create it.
'x' Create and open for writing only; place the file pointer at the beginning of the file. If the file already exists, the fopen() call will fail by returning FALSE and generating an error of level E_WARNING. If the file does not exist, attempt to create it. This is equivalent to specifying O_EXCL|O_CREAT flags for the underlying open(2) system call.
'x+' Create and open for reading and writing; place the file pointer at the beginning of the file. If the file already exists, the fopen() call will fail by returning FALSE and generating an error of level E_WARNING. If the file does not exist, attempt to create it. This is equivalent to specifying O_EXCL|O_CREAT flags for the underlying open(2) system call.
There are 10 types of people in this world, those who understand binary and those who don't
jasonlfunk
Forum Newbie
Posts: 5
Joined: Sun Oct 18, 2009 7:22 pm

Re: Secure Delete in PHP

Post by jasonlfunk »

Right. I know that. My question is more low level than that. When PHP truncates the file to zero, I assume it's simply adding a null byte at the beginning of the file, leaving all the data there. I want to write over that data.
User avatar
VladSun
DevNet Master
Posts: 4313
Joined: Wed Jun 27, 2007 9:44 am
Location: Sofia, Bulgaria

Re: Secure Delete in PHP

Post by VladSun »

I think it's up to the OS, not PHP itself. Simply use the r+ flag, overwrite the content and delete.
There are 10 types of people in this world, those who understand binary and those who don't
User avatar
timWebUK
Forum Contributor
Posts: 239
Joined: Thu Oct 29, 2009 6:48 am
Location: UK

Re: Secure Delete in PHP

Post by timWebUK »

It depends on how efficient the file system being used is. It may just rewrite the block containing the location/length of the file with new physical location on disk of the bytes, leaving the old ones there but 'flagging' them as free. Leaving the filesystem fragmented but working.
Post Reply