Securing files

Discussion in 'Python' started by Timothy W. Grove, Feb 23, 2011.

  1. Hello Folks,

    In a python application that I'm developing I've been asked to add
    security to databases that the program might create and access; the
    database is to be password protected by its creator. The application
    uses an SQLite database, which could be changed for another back-end if
    that would offer better security, but I would still like to use an
    embeddable database file.

    The problem isn't so much the database itself, as I can think of a
    number of way to encrypt the data it contains, but some of the data is
    simply names of image and video files contained elsewhere in the
    file-system. Is there anyway to prevent a user from simply opening up
    the file-system from outside of the application and viewing the files?
    One way that I can think of would be to encode the image/video files as
    BLOBS and store them in the database itself, but apart from that option,
    can anyone suggest other ways? I'm currently working with python2.7
    under Windows7, but I'm hoping to extend the application to Linux and
    Mac also. Thank you for your help.

    Best regards,
    Tim
     
    Timothy W. Grove, Feb 23, 2011
    #1
    1. Advertising

  2. Timothy W. Grove

    Roy Smith Guest

    In article <>,
    "Timothy W. Grove" <> wrote:

    > The problem isn't so much the database itself, as I can think of a
    > number of way to encrypt the data it contains, but some of the data is
    > simply names of image and video files contained elsewhere in the
    > file-system. Is there anyway to prevent a user from simply opening up
    > the file-system from outside of the application and viewing the files?
    > One way that I can think of would be to encode the image/video files as
    > BLOBS and store them in the database itself, but apart from that option,
    > can anyone suggest other ways?


    You could have your application create one-time URLs for the images,
    something like http://host.com/image/xxx/yyy, where xxx is a string
    identifying the particular image and yyy is a cryptographic key encoding
    not just xxx, but also a timestamp, and maybe a session key or a cookie
    identifying the client. The image URL is thus good for only a small
    time window, for a specific client.

    Naturally, you need to move the media files to someplace where they are
    not externally visible. And write the code to generate and check the
    crypto keys. You *could* store them as database blobs, but just moving
    them out of the externally visible directory tree would be easier, more
    efficient, and just as secure.

    None of this, of course, has anything to do with Python.
     
    Roy Smith, Feb 23, 2011
    #2
    1. Advertising

  3. Timothy W. Grove

    entliczek Guest

    Can't you just create a new user and a special group for him and limit
    access privileges to that precise folder only to that user/group? That
    way only "the mysterious application" would be able to access them. It's
    perfect and very simple solution.

    Storing especially video files (that are usually quite big) in a blob is
    not very efficient and would kill data base engine if someone would like
    to open big movie.

    Need more info. Is it online/web/server application? What's its main
    purpose.

    --
    Greets,
    entliczek
     
    entliczek, Feb 23, 2011
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Chris

    Securing XML files

    Chris, Jan 29, 2007, in forum: ASP .Net
    Replies:
    2
    Views:
    330
    bruce barker
    Jan 29, 2007
  2. JAG
    Replies:
    0
    Views:
    334
  3. Steve Lloyd

    Securing files for download.

    Steve Lloyd, Dec 9, 2003, in forum: ASP .Net Security
    Replies:
    4
    Views:
    165
    Petr PALAS
    Dec 12, 2003
  4. crjunk

    Securing and Accessing XML Files

    crjunk, Dec 20, 2004, in forum: ASP .Net Security
    Replies:
    1
    Views:
    104
    Patrick Olurotimi Ige
    Dec 21, 2004
  5. Jon Haakon Ariansen

    Securing static files

    Jon Haakon Ariansen, Jun 20, 2006, in forum: ASP .Net Security
    Replies:
    9
    Views:
    140
    Dominick Baier [DevelopMentor]
    Jun 21, 2006
Loading...

Share This Page