There is a growing demand on improved tools for data security also in relation to privacy and GDPR. It would be very nice if Rukovoditel would support a kind of encryption/decryption mechanism for attachments as attachments are stored in the web accessible site folder structure. Alternatively a separate storage location outside the site folder structure would already be very helpful.
Thanks.
Attachment Encryption & Decryption
-
- Posts: 35
- Joined: 24 Jun 2018, 13:03
- Name: Bas de Groot
- Location: Netherlands
- support
- Site Admin
- Posts: 6222
- Joined: 19 Oct 2014, 18:22
- Name: Sergey Kharchishin
- Location: Russia, Evpatoriya
Re: Attachment Encryption & Decryption
At the moment attachment file names are hashed in /uploads/attachment/ folder. So you can't see real filename there.
-
- Posts: 35
- Joined: 24 Jun 2018, 13:03
- Name: Bas de Groot
- Location: Netherlands
Re: Attachment Encryption & Decryption
Hello Sergey,
Very true, however the physical file, hashed name or not, still resides within the site folder structure, which sometimes can be vulnerable for hacking attacks. I understand that file encryption/decryption can cause performance issues and have a high resource consumption. So the alternative can be to store the attachments on another location on the server, without encryption, having the application pointing to the storage location. The storage location path should be stored in the database and not as part in a php config file. Many document management systems use this method to avoid encryption/decryption processing.
Thanks and regards,
Bas
Very true, however the physical file, hashed name or not, still resides within the site folder structure, which sometimes can be vulnerable for hacking attacks. I understand that file encryption/decryption can cause performance issues and have a high resource consumption. So the alternative can be to store the attachments on another location on the server, without encryption, having the application pointing to the storage location. The storage location path should be stored in the database and not as part in a php config file. Many document management systems use this method to avoid encryption/decryption processing.
Thanks and regards,
Bas
- support
- Site Admin
- Posts: 6222
- Joined: 19 Oct 2014, 18:22
- Name: Sergey Kharchishin
- Location: Russia, Evpatoriya
Re: Attachment Encryption & Decryption
Ok, I will think about it. Thank you for the suggestion.
Re: Attachment Encryption & Decryption
Hello Sergey,
I have also issue about encrypt - decrypt attachments in my virtual server. I am using SSL (https) with Rukovoditel.
My question:
Is it possible to store attached files to /uploads/attachments/ without encryption?
Because I have to use it later as an archive to myself.
Or can you tell me, what could be the solution to decrypt those files?
It would be great to decrypt those files as a whole (/attachments) folder together.
Your script is awesome!
Thanks!
Janar
I have also issue about encrypt - decrypt attachments in my virtual server. I am using SSL (https) with Rukovoditel.
My question:
Is it possible to store attached files to /uploads/attachments/ without encryption?
Because I have to use it later as an archive to myself.
Or can you tell me, what could be the solution to decrypt those files?
It would be great to decrypt those files as a whole (/attachments) folder together.
Your script is awesome!
Thanks!
Janar
Re: Attachment Encryption & Decryption
Hello guys
The encryption and decryption of downloads are essential for keeping sensitive material. They act as a security for private information, ensuring that only those with permission can access and use it.GB whatsapp Apk
The encryption and decryption of downloads are essential for keeping sensitive material. They act as a security for private information, ensuring that only those with permission can access and use it.GB whatsapp Apk