Securing files

[Timothy W. Grove]

Hello Folks,

In a python application that I'm developing I've been asked to add
security to databases that the program might create and access; the
database is to be password protected by its creator. The application
uses an SQLite database, which could be changed for another back-end if
that would offer better security, but I would still like to use an
embeddable database file.

The problem isn't so much the database itself, as I can think of a
number of way to encrypt the data it contains, but some of the data is
simply names of image and video files contained elsewhere in the
file-system. Is there anyway to prevent a user from simply opening up
the file-system from outside of the application and viewing the files?
One way that I can think of would be to encode the image/video files as
BLOBS and store them in the database itself, but apart from that option,
can anyone suggest other ways? I'm currently working with python2.7
under Windows7, but I'm hoping to extend the application to Linux and
Mac also. Thank you for your help.

Best regards,
Tim

 

[Roy Smith]

The problem isn't so much the database itself, as I can think of a
number of way to encrypt the data it contains, but some of the data is
simply names of image and video files contained elsewhere in the
file-system. Is there anyway to prevent a user from simply opening up
the file-system from outside of the application and viewing the files?
One way that I can think of would be to encode the image/video files as
BLOBS and store them in the database itself, but apart from that option,
can anyone suggest other ways?

You could have your application create one-time URLs for the images,
something like http://host.com/image/xxx/yyy, where xxx is a string
identifying the particular image and yyy is a cryptographic key encoding
not just xxx, but also a timestamp, and maybe a session key or a cookie
identifying the client. The image URL is thus good for only a small
time window, for a specific client.

Naturally, you need to move the media files to someplace where they are
not externally visible. And write the code to generate and check the
crypto keys. You *could* store them as database blobs, but just moving
them out of the externally visible directory tree would be easier, more
efficient, and just as secure.

None of this, of course, has anything to do with Python.

 

[entliczek]

Can't you just create a new user and a special group for him and limit
access privileges to that precise folder only to that user/group? That
way only "the mysterious application" would be able to access them. It's
perfect and very simple solution.

Storing especially video files (that are usually quite big) in a blob is
not very efficient and would kill data base engine if someone would like
to open big movie.

Need more info. Is it online/web/server application? What's its main
purpose.