roy at panix.com
Wed Feb 23 21:07:31 CET 2011
In article <mailman.351.1298490632.1189.python-list at python.org>,
"Timothy W. Grove" <tim_grove at sil.org> wrote:
> The problem isn't so much the database itself, as I can think of a
> number of ways to encrypt the data it contains, but some of the data is
> simply names of image and video files contained elsewhere in the
> file-system. Is there any way to prevent a user from simply opening up
> the file-system from outside of the application and viewing the files?
> One way that I can think of would be to encode the image/video files as
> BLOBS and store them in the database itself, but apart from that option,
> can anyone suggest other ways?
You could have your application create one-time URLs for the images,
something like http://host.com/image/xxx/yyy, where xxx is a string
identifying the particular image and yyy is a cryptographic key encoding
not just xxx, but also a timestamp, and maybe a session key or a cookie
identifying the client. The image URL is thus good for only a small
time window, for a specific client.
Naturally, you need to move the media files to someplace where they are
not externally visible. And write the code to generate and check the
crypto keys. You *could* store them as database blobs, but just moving
them out of the externally visible directory tree would be easier, more
efficient, and just as secure.
None of this, of course, has anything to do with Python.
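
The time-limited, per-client image URL described in the reply above, as an added example that is not part of the original post: yyy is built here as an expiry timestamp plus an HMAC-SHA256 over the image id, the client's session id and that expiry. The secret, the 60-second window, the path layout and the function names are assumptions.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-secret"  # assumption: real key comes from server-side config
TTL_SECONDS = 60                     # assumption: size of the validity window


def _mac(image_id: str, client_id: str, expires: int) -> str:
    # Length-prefix each field so ("ab", "c") and ("a", "bc") produce different MACs.
    fields = (image_id.encode(), client_id.encode(), str(expires).encode())
    msg = b"".join(len(f).to_bytes(4, "big") + f for f in fields)
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def make_path(image_id: str, client_id: str, now=None) -> str:
    """Build /image/<xxx>/<yyy> where yyy = "<expiry>.<hex mac>"."""
    now = int(time.time()) if now is None else int(now)
    expires = now + TTL_SECONDS
    return f"/image/{image_id}/{expires}.{_mac(image_id, client_id, expires)}"


def check_path(path: str, client_id: str, now=None):
    """Return the image id if the token is valid for this client, else None."""
    now = int(time.time()) if now is None else int(now)
    parts = path.split("/")
    if len(parts) != 4 or parts[0] != "" or parts[1] != "image":
        return None
    image_id, token = parts[2], parts[3]
    expires_s, sep, mac = token.partition(".")
    # Reject malformed expiry fields before calling int() on client input.
    if not sep or not (expires_s.isascii() and expires_s.isdigit()):
        return None
    if len(expires_s) > 12:
        return None
    expires = int(expires_s)
    expected = _mac(image_id, client_id, expires)
    # Constant-time comparison; verify the MAC before trusting the expiry value.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    if now > expires:
        return None
    return image_id
```

The token is valid for the whole window rather than for a single fetch; enforcing single use would need server-side state recording which tokens have been redeemed.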