Encryption and Serialization

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
neo314
Forum Newbie
Posts: 3
Joined: Thu Aug 14, 2008 3:37 am

Encryption and Serialization

Post by neo314 »

I have done this before but I have also experienced data corruption. I'm seeking any input on the best practice to accomplish the following:

Have a file amangement system with extensive permission control management (I can already do that), and have the uploaded files not be accessible by guessing the filename and entering the url.

My thoughts are to upload thge files to a non-web accessible directory. Then retirieve the file through the PHP script and deliver it with the PHP script providing the access security.

OR

Serialize the file and store it in a MySQL database (or text file similar to above).

There may be some interest in encrypting the files. I can encrypt/machine code the encryption key for security, but I want to be sure the encryption, unencryption does not corrupt the files (previously, with Blowfish, I had to use Base64 encoding to prevent corruption, of certain strings in the process, but it was strings not files I was working with). The files may be in a variety of formats including word, excel, pdf, txt, etc.

Any thoughts?
User avatar
it2051229
Forum Contributor
Posts: 312
Joined: Tue Dec 25, 2007 8:34 pm

Re: Encryption and Serialization

Post by it2051229 »

you mean on the "non-web directory" is a directory that is not inside the "www" folder or hosted directory? well IN PHP yeah, you can.. you can store uploaded files outside the hosted directory. Just make use of the necessary paths.
neo314
Forum Newbie
Posts: 3
Joined: Thu Aug 14, 2008 3:37 am

Re: Encryption and Serialization

Post by neo314 »

That is what I meant and would be the simplest solution if no encryption is required.
Post Reply