| Unzip password-protected ZIP file in RAM? [message #183447] |
Fri, 25 October 2013 12:51  |
Gilles Ganault
Messages: 27
Registered: September 2010
Karma: 0
|
Junior Member |
|
|
Hello
This is a newbie question.
While travelling, I keep an .htaccess-protected text files with
e-mails/passwords, credit card numbers, etc.
To make it more secure, I was thinking of compressing the file as a
password-protected ZIP file, and access it through a PHP script that
would unzip it in RAM and display the contents, so that a clear text
version is no longer necessary.
What do you think? Can PHP do this?
It's 5.3.13 running on a hosted *nix server.
Thank you.
|
|
|
|
| Re: Unzip password-protected ZIP file in RAM? [message #183449 is a reply to message #183447] |
Fri, 25 October 2013 16:37  |
J.O. Aho
Messages: 194
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 25/10/13 14:51, Gilles wrote:
> Hello
>
> This is a newbie question.
>
> While travelling, I keep an .htaccess-protected text files with
> e-mails/passwords, credit card numbers, etc.
>
> To make it more secure, I was thinking of compressing the file as a
> password-protected ZIP file, and access it through a PHP script that
> would unzip it in RAM and display the contents, so that a clear text
> version is no longer necessary.
>
> What do you think? Can PHP do this?
zip files not that safe.
> It's 5.3.13 running on a hosted *nix server.
A shared sercer not that safe to store things on.
Would recommend you to think of using TrueCrypt, works on all major
operating systems and majority of cellphones. This would be outside the
scope of this user group.
--
//Aho
|
|
|
|
| Re: Unzip password-protected ZIP file in RAM? [message #183450 is a reply to message #183447] |
Fri, 25 October 2013 17:18 |
Robert Heller
Messages: 60
Registered: December 2010
Karma: 0
|
Member |
|
|
At Fri, 25 Oct 2013 14:51:38 +0200 Gilles <nospam(at)nospam(dot)com> wrote:
>
> Hello
>
> This is a newbie question.
>
> While travelling, I keep an .htaccess-protected text files with
> e-mails/passwords, credit card numbers, etc.
You really don't want to do this!
>
> To make it more secure, I was thinking of compressing the file as a
> password-protected ZIP file, and access it through a PHP script that
> would unzip it in RAM and display the contents, so that a clear text
> version is no longer necessary.
This probably not really much better.
>
> What do you think? Can PHP do this?
>
> It's 5.3.13 running on a hosted *nix server.
>
> Thank you.
>
--
Robert Heller -- 978-544-6933 / heller(at)deepsoft(dot)com
Deepwoods Software -- http://www.deepsoft.com/
() ascii ribbon campaign -- against html e-mail
/\ www.asciiribbon.org -- against proprietary attachments
|
|
|
|
|
|
| Re: Unzip password-protected ZIP file in RAM? [message #183452 is a reply to message #183450] |
Fri, 25 October 2013 19:30 |
The Natural Philosoph
Messages: 993
Registered: September 2010
Karma: 0
|
Senior Member |
|
|
On 25/10/13 18:18, Robert Heller wrote:
> At Fri, 25 Oct 2013 14:51:38 +0200 Gilles <nospam(at)nospam(dot)com> wrote:
>
>>
>> Hello
>>
>> This is a newbie question.
>>
>> While travelling, I keep an .htaccess-protected text files with
>> e-mails/passwords, credit card numbers, etc.
>
> You really don't want to do this!
Indeed. te way I did this on a laptop which given where we were
operating was very vulnerable to theft, as to used a USB pen drive,
which was only inserted in the laptop when it was fully attended.
The data in the drive (it as a mySQL database) was encrypted using an
mysql encryption function -AES_ENCYPT('data','key') - and the key was in
the actual PHP code on the laptop hard drive.
that meant that the data was secure if the pen drive was lost, and the
computer didn't have the data on it anyway, although it had the means to
decrypt it.
what it did mean that the loss of other the pen drive or the laptop was
no big deal. the sort of thieves would be likely to be uninterested in
the data anyway, and it wouldn't look like 'windows' anyway so they
would probably wipe it.
The pen drive was formatted EXT2 IIRC so didn't read in a windows
machine anyway.
So it would take a criminal linux hacker to discover the data, which
wasn't named in an obvious way, and the laptop as well, or a knowledge
of what algo was in use, and a lot of patience to get the data back.
So that's what I would do: format a USB stick pen drive with a Linux
format (assuming you are using linux) and set up an instance of apache
on the lappie to serve internally via php the contents of an encrypted
DB on the USB stick pen drive.
Always remove the pen drive after use.
>
>>
>> To make it more secure, I was thinking of compressing the file as a
>> password-protected ZIP file, and access it through a PHP script that
>> would unzip it in RAM and display the contents, so that a clear text
>> version is no longer necessary.
>
> This probably not really much better.
>
>>
>> What do you think? Can PHP do this?
>>
>> It's 5.3.13 running on a hosted *nix server.
>>
>> Thank you.
>>
>
--
Ineptocracy
(in-ep-toc’-ra-cy) – a system of government where the least capable to
lead are elected by the least capable of producing, and where the
members of society least likely to sustain themselves or succeed, are
rewarded with goods and services paid for by the confiscated wealth of a
diminishing number of producers.
|
|
|
|
| Re: Unzip password-protected ZIP file in RAM? [message #183453 is a reply to message #183452] |
Fri, 25 October 2013 19:53 |
Gilles Ganault
Messages: 27
Registered: September 2010
Karma: 0
|
Junior Member |
|
|
On Fri, 25 Oct 2013 20:30:27 +0100, The Natural Philosopher
<tnp(at)invalid(dot)invalid> wrote:
> So that's what I would do: format a USB stick pen drive with a Linux
> format (assuming you are using linux) and set up an instance of apache
> on the lappie to serve internally via php the contents of an encrypted
> DB on the USB stick pen drive.
Thanks for the tip. USB sockets are usually off-limit in web cafés,
which is where I'd go if I lost my smartphone, but I'll check it out.
|
|
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]