FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Nested PHP
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Nested PHP [message #184858 is a reply to message #184856] Tue, 11 February 2014 16:24 Go to previous messageGo to previous message
Jerry Stuckle is currently offline  Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
Senior Member
On 2/11/2014 10:31 AM, Adrian Tuddenham wrote:
> Jerry Stuckle <jstucklex(at)attglobal(dot)net> wrote:
>
>> On 2/11/2014 9:31 AM, Adrian Tuddenham wrote:
>>> Jerry Stuckle <jstucklex(at)attglobal(dot)net> wrote:
>>>
>>> [...]
>>>> My main question here would be - what are you trying to accomplish by
>>>> having files encrypted on your server. Since the decryption code is
>>>> right in plain sight, encrypting the files adds no security. If they
>>>> can get to your raw files, they can get to your decryption code.
>>>
>>> I'm not trying to produce a high-security system, just something which
>>> deters the casual user from downloading PDFs that members of the group
>>> have paid their membership fee to receive. I doubt if anyone wants to
>>> go to all the trouble of decrypting a PDF file in order to avoid paying
>>> £7.50
>>>
>>
>> First of all, you don't need to go to all the trouble of encrypting a
>> pdf to make it unavailable to the casual user. Just place the file
>> outside of your document_root hierarchy and download it with PHP.
>
> I have no access to the server outside my own directory.
>

Then I would suggest you change hosting companies. Any decent hosting
company will give you access to one level below your web root directory.
I wouldn't host with one which does not.
>
>> Second, it's still no security. Once someone has the pdf, they can make
>> and send all the copies they want.
>
> That is why I said it is only a deterrent. Members who receive the
> printed copy can photocopy it and send it to their friends - or even
> scan it in and distribute their own PDF of it.
>

No, it's not even a deterrent. It's only the illusion of one.

>>> I am a bit worried by your statement that the decryption code is in
>>> plain sight,
>
>> That's correct. Anyone who can access your source files can see the
>> decryption code.
>
> How would they get access the source files? I thought the server
> blocked that sort of thing.
>

If everything is working correctly, and hackers don't get into the
server. But this also includes potentially other websites on the same
server, for instance, if the server isn't properly secured, as well as
anyone who has direct access to the server itself.

Personally, if your hosting company don't even give you access to a
directory below your document root, I wouldn't be trusting them to
properly secure the server, either (that doesn't necessarily mean they
DO secure the server if they give you this access - it's just more
LIKELY they know what they're doing).

--
==================
Remove the "x" from my email address
Jerry Stuckle
jstucklex(at)attglobal(dot)net
==================
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Filling an array with random input doesn't quite work
Next Topic: string length
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Thu Nov 28 22:52:32 GMT 2024

Total time taken to generate the page: 0.04332 seconds