Re: [WebDNA] encrypt files/directories
This WebDNA talk-list message is from 2011
It keeps the original formatting.
numero = 107600
interpreted = N
texte = for that matter I wonder how easy or hard it is to brute force current =webdna encrypted vals.? I mean the PHP clan has had to abandon md5() in =favor of crypt() (i.e. blowfish) in recent years+ due to the fact that =md5 is too easy to brute force reverse by today's computer power =standards. Webdna is going to need to address this too if we ever =become more popular than "security-through-obscurity".For those wondering what all this means:you can use webdna's [encrypt] to encrypt values you want to remain =unknown in case someone ever saw that encrypted value, like passwords =stored in a database (and you did not want the user to recover the =original data). Other web languages (like PHP) have this kind of thing =too, of course. Well the way people used to encrypt stuff in PHP is no =longer considered secure because hackers can easily write/use software =that can effectively reverse the encryption, *if* the underlying =encrypting algorithms used by the web language are not robust enough to =prevent it. As home computers become more and more powerful, it becomes =easier and easier for hackers to reverse the encryption... and so the =web language developers (like those who write the PHP or Webdna engine) =have to keep making the encryption algorithms stronger and strong. PDFs =used to be made secure by password protecting them. Apparently, those =method are now easily overcome. I wonder if Webdna's encryptions are =likewise now easily overcome? If Webdna gets popular again, we will =surely have to be ready for the added attention by friendly users and =hackers alike.P.S. Steve, maybe you could just .htaccess to realm protect everything =in your PDF folder? (I'm kinda green in all things .htaccess.. so =someone please correct me if it needs it.) Or do you need to =pass-protect for many separate users with diff. passwords?P.P.S. I keep thinking these posts (on this list) would be much easier =to follow (for example in the archives where someone might just come =across one of them, who had not been following along), if we "bottom =post".. meaning write our replies *under* the former (trimmed) text in =the email. I'll try to remember to do that from now on.-G> Might want to spend a few minutes on google seeing how much protection =PDF passwords really get you.>=20> http://lmgtfy.com/?q=3Dpdf%20recover%20password>=20>=20> On Oct 31, 2011, at 3:56 PM, Steve Raslevich -Northern Sound & Light =wrote:>=20>> Hi Govinda,>>=20>> No, I don't think you are wrong. I appreciate your input. I am still =learning what all WebDNA can do and get confused sometimes from the docs =that are sometimes very short in explaining things. Your suggestion of =pass protecting the pdf's sounds like my best option.>>=20>> Best Regards,>> Steve>>=20>> Govinda wrote:>>> I have not been paying attention in this area.. but I am going to =guess right now (and please show me those docs if you think I am wrong) =that that snippet from those docs is just saying that you as the =webmaster would perhaps like to name your directory where you keep your =encrypted files, "encrypted". But it might as well have suggested you =name that folder "creamFilling". I.e. it is just saying the obvious, ="name your directories well".>>> (?)>>>=20>>> I don't see how you are going to encrypt PDFs with webdna because to =unencrypt them the webserver has to run them thru the webdna parser .. =and PDFs are not supposed to do that, right? ..that is just for =webpages with webdna tags in them. Or am I being dense somehow?>>>=20>>> If you want to protect sensitive data in the PDF, why don't you look =at generating pass-protected PDFs (if you are generating them yourself).>>>=20>>> -Govinda>>>=20>>>=20>>>=20>>>=20>>>> Hi Govinda,>>>>=20>>>> Thanks for the links below. Unfortunately, I have already gone over =them. The only docs that are discussed being encrypted are templates. I =am looking for a way to encrypt mainly pdf files as some of the dpf's =contain sensitive info but should be accessible to certain users.>>>>=20>>>> I thought there may be a way to encrypt an entire directory as the =statement below is included in the WebDNA docs:>>>>=20>>>> "Another example that would encrypt a file named "filename" from =your disk and copy it in an /encrypted directory:">>>>=20>>>>=20>>>> Thanks for your reply.>>>>=20>>>> Regards,>>>> Steve>>>> .>>>> Govinda wrote:>>>>=20>>>>=20>>>>> Hi Steve>>>>>=20>>>>> I have not done that in so long.. that I do not know if this is up =to date.. But:>>>>>=20>>>>>=20>>>>> http://docs.webdna.us/>>>>>=20>>>>> (Click "Appendices ", and "Appendix D - How to create encrypted =templates")>>>>> leads to:>>>>>=20>>>>> http://docs.webdna.us/pages.html?context=3DEncryptedTemplates.html>>>>>=20>>>>>=20>>>>> I used to encrypt files that way, but I never tried to encrypt a =whole folder of stuff.>>>>>=20>>>>> -Govinda>>>>>=20>>>>>=20>>>>>=20>>>>>=20>>>>>=20>>>>>> Hi,>>>>>>=20>>>>>> Up until now I have only been using [encrypt] and [decrypt] for =fields stored in a database. I now have the need to protect some stored =pdf's. The docs mention encrypting directories and files but fall short =of syntax examples on how to do this. Is it possible to encrypt =directories and files with WebDNA's [encrypt]? If so, could someone =explain how to do so or provide syntax examples?>>>>>>=20>>>>>> Thank you,>>>>>> Steve>=20> ---------------------------------------------------------> This message is sent to you because you are subscribed to> the mailing list
.> To unsubscribe, E-mail to: > archives: http://mail.webdna.us/list/talk@webdna.us> Bug Reporting: support@webdna.us
Associated Messages, from the most recent to the oldest:
for that matter I wonder how easy or hard it is to brute force current =webdna encrypted vals.? I mean the PHP clan has had to abandon md5() in =favor of crypt() (i.e. blowfish) in recent years+ due to the fact that =md5 is too easy to brute force reverse by today's computer power =standards. Webdna is going to need to address this too if we ever =become more popular than "security-through-obscurity".For those wondering what all this means:you can use webdna's [encrypt] to encrypt values you want to remain =unknown in case someone ever saw that encrypted value, like passwords =stored in a database (and you did not want the user to recover the =original data). Other web languages (like PHP) have this kind of thing =too, of course. Well the way people used to encrypt stuff in PHP is no =longer considered secure because hackers can easily write/use software =that can effectively reverse the encryption, *if* the underlying =encrypting algorithms used by the web language are not robust enough to =prevent it. As home computers become more and more powerful, it becomes =easier and easier for hackers to reverse the encryption... and so the =web language developers (like those who write the PHP or Webdna engine) =have to keep making the encryption algorithms stronger and strong. PDFs =used to be made secure by password protecting them. Apparently, those =method are now easily overcome. I wonder if Webdna's encryptions are =likewise now easily overcome? If Webdna gets popular again, we will =surely have to be ready for the added attention by friendly users and =hackers alike.P.S. Steve, maybe you could just .htaccess to realm protect everything =in your PDF folder? (I'm kinda green in all things .htaccess.. so =someone please correct me if it needs it.) Or do you need to =pass-protect for many separate users with diff. passwords?P.P.S. I keep thinking these posts (on this list) would be much easier =to follow (for example in the archives where someone might just come =across one of them, who had not been following along), if we "bottom =post".. meaning write our replies *under* the former (trimmed) text in =the email. I'll try to remember to do that from now on.-G> Might want to spend a few minutes on google seeing how much protection =PDF passwords really get you.>=20> http://lmgtfy.com/?q=3Dpdf%20recover%20password>=20>=20> On Oct 31, 2011, at 3:56 PM, Steve Raslevich -Northern Sound & Light =wrote:>=20>> Hi Govinda,>>=20>> No, I don't think you are wrong. I appreciate your input. I am still =learning what all WebDNA can do and get confused sometimes from the docs =that are sometimes very short in explaining things. Your suggestion of =pass protecting the pdf's sounds like my best option.>>=20>> Best Regards,>> Steve>>=20>> Govinda wrote:>>> I have not been paying attention in this area.. but I am going to =guess right now (and please show me those docs if you think I am wrong) =that that snippet from those docs is just saying that you as the =webmaster would perhaps like to name your directory where you keep your =encrypted files, "encrypted". But it might as well have suggested you =name that folder "creamFilling". I.e. it is just saying the obvious, ="name your directories well".>>> (?)>>>=20>>> I don't see how you are going to encrypt PDFs with webdna because to =unencrypt them the webserver has to run them thru the webdna parser .. =and PDFs are not supposed to do that, right? ..that is just for =webpages with webdna tags in them. Or am I being dense somehow?>>>=20>>> If you want to protect sensitive data in the PDF, why don't you look =at generating pass-protected PDFs (if you are generating them yourself).>>>=20>>> -Govinda>>>=20>>>=20>>>=20>>>=20>>>> Hi Govinda,>>>>=20>>>> Thanks for the links below. Unfortunately, I have already gone over =them. The only docs that are discussed being encrypted are templates. I =am looking for a way to encrypt mainly pdf files as some of the dpf's =contain sensitive info but should be accessible to certain users.>>>>=20>>>> I thought there may be a way to encrypt an entire directory as the =statement below is included in the WebDNA docs:>>>>=20>>>> "Another example that would encrypt a file named "filename" from =your disk and copy it in an /encrypted directory:">>>>=20>>>>=20>>>> Thanks for your reply.>>>>=20>>>> Regards,>>>> Steve>>>> .>>>> Govinda wrote:>>>>=20>>>>=20>>>>> Hi Steve>>>>>=20>>>>> I have not done that in so long.. that I do not know if this is up =to date.. But:>>>>>=20>>>>>=20>>>>> http://docs.webdna.us/>>>>>=20>>>>> (Click "Appendices ", and "Appendix D - How to create encrypted =templates")>>>>> leads to:>>>>>=20>>>>> http://docs.webdna.us/pages.html?context=3DEncryptedTemplates.html>>>>>=20>>>>>=20>>>>> I used to encrypt files that way, but I never tried to encrypt a =whole folder of stuff.>>>>>=20>>>>> -Govinda>>>>>=20>>>>>=20>>>>>=20>>>>>=20>>>>>=20>>>>>> Hi,>>>>>>=20>>>>>> Up until now I have only been using [encrypt] and [decrypt] for =fields stored in a database. I now have the need to protect some stored =pdf's. The docs mention encrypting directories and files but fall short =of syntax examples on how to do this. Is it possible to encrypt =directories and files with WebDNA's [encrypt]? If so, could someone =explain how to do so or provide syntax examples?>>>>>>=20>>>>>> Thank you,>>>>>> Steve>=20> ---------------------------------------------------------> This message is sent to you because you are subscribed to> the mailing list .> To unsubscribe, E-mail to: > archives: http://mail.webdna.us/list/talk@webdna.us> Bug Reporting: support@webdna.us
Govinda
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
Monthly Reports (2000)
_ in front of field name (1998)
RE: UN-WANTED character conversion (1999)
Multi-Row Tables from a search. (1997)
Kudos (1998)
WebCat2 - Getting to the browser's username/password data (1997)
Random search is not random (2002)
SKU lookup (1997)
WebCat2b13MacPlugIn - [showif][search][/showif] (1997)
paymethod=cc allows all zeros (1999)
webcat 2.1 new cart fields - please explain more (1998)
Using Applescript to process WebCatalog functions (1998)
Unexpected error (1997)
[WebDNA] 6.2 Monitor (2012)
Browser Problem?!? Still getting Error message using POST! (1997)
NT vs Mac (1997)
Displaying text and populating form fields (again) (2005)
maximu values for sendmail! (1997)
no global [username] or [password] displayed ... (1997)
WebDNA / Red Hat 9 ? (2003)