Re: Encrypted data on webserver

• Previous message: Michael Heiming: "Re: Encrypted data on webserver"
• In reply to: Christoph R: "Re: Encrypted data on webserver"
• Next in thread: Michael Heiming: "Re: Encrypted data on webserver"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: Luke Vogel <luke@bell-bird.com.au>
Date: Sat, 19 Jan 2002 22:16:56 +1000

Christoph R wrote:

> I'm talking about the HTML docs (and possibly some pics) that should be
> stored
> encrypted on the disk, Just in case someone hacks the server and steals
> the data
> right from the filesystem.
> The process should look something like:
> 1. decrypt the data (data is plain now)
> 2. serve it with apache over ssl (data is encrypted again)
> 3. client decodes the ssl encryption and has his plain data.
>
> Does this make sense? And, more important will it give me additional
> security?

Sending any data over SSL is reasonably secure in terms of data
interception etc, but I doubt that you have much to gain by doing it
this way.

How feasible would it be to send the encrypted files to the end user
encrypted with pgp/gpg on the fly?

I.e.:
1. Client selects desired files and provides his public key
2. server script encrypts the data with the public key and forwards it
to the client.
3. Client uses his private key to decrypt the data.

With this system, you wont get the html docs to be rendered by the
browser of course.

-- 
Regards
Luke
------
Q:  What does FAQ stand for?
A:  We are Frequently Asked this Question, and we have no idea.
------
C.O.L.S FAQ - http://www.linuxsecurity.com/docs/colsfaq.html
Note: Remove NOSPAM from my return address if necessary
------

• Next message: teste'r: "realtime intrusion monitor"
• Previous message: Michael Heiming: "Re: Encrypted data on webserver"
• In reply to: Christoph R: "Re: Encrypted data on webserver"
• Next in thread: Michael Heiming: "Re: Encrypted data on webserver"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]