Page 1 of 1

Encryption and Serialization

Posted: Thu Aug 14, 2008 3:47 am
by neo314
I have done this before but I have also experienced data corruption. I'm seeking any input on the best practice to accomplish the following:

Have a file amangement system with extensive permission control management (I can already do that), and have the uploaded files not be accessible by guessing the filename and entering the url.

My thoughts are to upload thge files to a non-web accessible directory. Then retirieve the file through the PHP script and deliver it with the PHP script providing the access security.

OR

Serialize the file and store it in a MySQL database (or text file similar to above).

There may be some interest in encrypting the files. I can encrypt/machine code the encryption key for security, but I want to be sure the encryption, unencryption does not corrupt the files (previously, with Blowfish, I had to use Base64 encoding to prevent corruption, of certain strings in the process, but it was strings not files I was working with). The files may be in a variety of formats including word, excel, pdf, txt, etc.

Any thoughts?

Re: Encryption and Serialization

Posted: Thu Aug 14, 2008 5:00 am
by it2051229
you mean on the "non-web directory" is a directory that is not inside the "www" folder or hosted directory? well IN PHP yeah, you can.. you can store uploaded files outside the hosted directory. Just make use of the necessary paths.

Re: Encryption and Serialization

Posted: Thu Aug 14, 2008 11:01 am
by neo314
That is what I meant and would be the simplest solution if no encryption is required.