Re: [WebDNA] encrypt files/directories

This WebDNA talk-list message is from

2011


It keeps the original formatting.
numero = 107600
interpreted = N
texte = for that matter I wonder how easy or hard it is to brute force current = webdna encrypted vals.? I mean the PHP clan has had to abandon md5() in = favor of crypt() (i.e. blowfish) in recent years+ due to the fact that = md5 is too easy to brute force reverse by today's computer power = standards. Webdna is going to need to address this too if we ever = become more popular than "security-through-obscurity". For those wondering what all this means: you can use webdna's [encrypt] to encrypt values you want to remain = unknown in case someone ever saw that encrypted value, like passwords = stored in a database (and you did not want the user to recover the = original data). Other web languages (like PHP) have this kind of thing = too, of course. Well the way people used to encrypt stuff in PHP is no = longer considered secure because hackers can easily write/use software = that can effectively reverse the encryption, *if* the underlying = encrypting algorithms used by the web language are not robust enough to = prevent it. As home computers become more and more powerful, it becomes = easier and easier for hackers to reverse the encryption... and so the = web language developers (like those who write the PHP or Webdna engine) = have to keep making the encryption algorithms stronger and strong. PDFs = used to be made secure by password protecting them. Apparently, those = method are now easily overcome. I wonder if Webdna's encryptions are = likewise now easily overcome? If Webdna gets popular again, we will = surely have to be ready for the added attention by friendly users and = hackers alike. P.S. Steve, maybe you could just .htaccess to realm protect everything = in your PDF folder? (I'm kinda green in all things .htaccess.. so = someone please correct me if it needs it.) Or do you need to = pass-protect for many separate users with diff. passwords? P.P.S. I keep thinking these posts (on this list) would be much easier = to follow (for example in the archives where someone might just come = across one of them, who had not been following along), if we "bottom = post".. meaning write our replies *under* the former (trimmed) text in = the email. I'll try to remember to do that from now on. -G > Might want to spend a few minutes on google seeing how much protection = PDF passwords really get you. >=20 > http://lmgtfy.com/?q=3Dpdf%20recover%20password >=20 >=20 > On Oct 31, 2011, at 3:56 PM, Steve Raslevich -Northern Sound & Light = wrote: >=20 >> Hi Govinda, >>=20 >> No, I don't think you are wrong. I appreciate your input. I am still = learning what all WebDNA can do and get confused sometimes from the docs = that are sometimes very short in explaining things. Your suggestion of = pass protecting the pdf's sounds like my best option. >>=20 >> Best Regards, >> Steve >>=20 >> Govinda wrote: >>> I have not been paying attention in this area.. but I am going to = guess right now (and please show me those docs if you think I am wrong) = that that snippet from those docs is just saying that you as the = webmaster would perhaps like to name your directory where you keep your = encrypted files, "encrypted". But it might as well have suggested you = name that folder "creamFilling". I.e. it is just saying the obvious, = "name your directories well". >>> (?) >>>=20 >>> I don't see how you are going to encrypt PDFs with webdna because to = unencrypt them the webserver has to run them thru the webdna parser .. = and PDFs are not supposed to do that, right? ..that is just for = webpages with webdna tags in them. Or am I being dense somehow? >>>=20 >>> If you want to protect sensitive data in the PDF, why don't you look = at generating pass-protected PDFs (if you are generating them yourself). >>>=20 >>> -Govinda >>>=20 >>>=20 >>>=20 >>>=20 >>>> Hi Govinda, >>>>=20 >>>> Thanks for the links below. Unfortunately, I have already gone over = them. The only docs that are discussed being encrypted are templates. I = am looking for a way to encrypt mainly pdf files as some of the dpf's = contain sensitive info but should be accessible to certain users. >>>>=20 >>>> I thought there may be a way to encrypt an entire directory as the = statement below is included in the WebDNA docs: >>>>=20 >>>> "Another example that would encrypt a file named "filename" from = your disk and copy it in an /encrypted directory:" >>>>=20 >>>>=20 >>>> Thanks for your reply. >>>>=20 >>>> Regards, >>>> Steve >>>> . >>>> Govinda wrote: >>>>=20 >>>>=20 >>>>> Hi Steve >>>>>=20 >>>>> I have not done that in so long.. that I do not know if this is up = to date.. But: >>>>>=20 >>>>>=20 >>>>> http://docs.webdna.us/ >>>>>=20 >>>>> (Click "Appendices ", and "Appendix D - How to create encrypted = templates") >>>>> leads to: >>>>>=20 >>>>> http://docs.webdna.us/pages.html?context=3DEncryptedTemplates.html >>>>>=20 >>>>>=20 >>>>> I used to encrypt files that way, but I never tried to encrypt a = whole folder of stuff. >>>>>=20 >>>>> -Govinda >>>>>=20 >>>>>=20 >>>>>=20 >>>>>=20 >>>>>=20 >>>>>> Hi, >>>>>>=20 >>>>>> Up until now I have only been using [encrypt] and [decrypt] for = fields stored in a database. I now have the need to protect some stored = pdf's. The docs mention encrypting directories and files but fall short = of syntax examples on how to do this. Is it possible to encrypt = directories and files with WebDNA's [encrypt]? If so, could someone = explain how to do so or provide syntax examples? >>>>>>=20 >>>>>> Thank you, >>>>>> Steve >=20 > --------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > archives: http://mail.webdna.us/list/talk@webdna.us > Bug Reporting: support@webdna.us Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] encrypt files/directories (Donovan Brooke 2011)
  2. Re: [WebDNA] encrypt files/directories (Govinda 2011)
  3. Re: [WebDNA] encrypt files/directories (christophe.billiottet@webdna.us 2011)
  4. Re: [WebDNA] encrypt files/directories (christophe.billiottet@webdna.us 2011)
  5. Re: [WebDNA] encrypt files/directories (Govinda 2011)
  6. Re: [WebDNA] encrypt files/directories (Grant Hulbert 2011)
  7. Re: [WebDNA] encrypt files/directories (Govinda 2011)
  8. Re: [WebDNA] encrypt files/directories ("Brian B. Burton" 2011)
  9. Re: [WebDNA] encrypt files/directories (Steve Raslevich -Northern Sound 2011)
  10. Re: [WebDNA] encrypt files/directories (Govinda 2011)
  11. Re: [WebDNA] encrypt files/directories (Steve Raslevich -Northern Sound 2011)
  12. Re: [WebDNA] encrypt files/directories (Govinda 2011)
  13. [WebDNA] encrypt files/directories (Steve Raslevich -Northern Sound 2011)
for that matter I wonder how easy or hard it is to brute force current = webdna encrypted vals.? I mean the PHP clan has had to abandon md5() in = favor of crypt() (i.e. blowfish) in recent years+ due to the fact that = md5 is too easy to brute force reverse by today's computer power = standards. Webdna is going to need to address this too if we ever = become more popular than "security-through-obscurity". For those wondering what all this means: you can use webdna's [encrypt] to encrypt values you want to remain = unknown in case someone ever saw that encrypted value, like passwords = stored in a database (and you did not want the user to recover the = original data). Other web languages (like PHP) have this kind of thing = too, of course. Well the way people used to encrypt stuff in PHP is no = longer considered secure because hackers can easily write/use software = that can effectively reverse the encryption, *if* the underlying = encrypting algorithms used by the web language are not robust enough to = prevent it. As home computers become more and more powerful, it becomes = easier and easier for hackers to reverse the encryption... and so the = web language developers (like those who write the PHP or Webdna engine) = have to keep making the encryption algorithms stronger and strong. PDFs = used to be made secure by password protecting them. Apparently, those = method are now easily overcome. I wonder if Webdna's encryptions are = likewise now easily overcome? If Webdna gets popular again, we will = surely have to be ready for the added attention by friendly users and = hackers alike. P.S. Steve, maybe you could just .htaccess to realm protect everything = in your PDF folder? (I'm kinda green in all things .htaccess.. so = someone please correct me if it needs it.) Or do you need to = pass-protect for many separate users with diff. passwords? P.P.S. I keep thinking these posts (on this list) would be much easier = to follow (for example in the archives where someone might just come = across one of them, who had not been following along), if we "bottom = post".. meaning write our replies *under* the former (trimmed) text in = the email. I'll try to remember to do that from now on. -G > Might want to spend a few minutes on google seeing how much protection = PDF passwords really get you. >=20 > http://lmgtfy.com/?q=3Dpdf%20recover%20password >=20 >=20 > On Oct 31, 2011, at 3:56 PM, Steve Raslevich -Northern Sound & Light = wrote: >=20 >> Hi Govinda, >>=20 >> No, I don't think you are wrong. I appreciate your input. I am still = learning what all WebDNA can do and get confused sometimes from the docs = that are sometimes very short in explaining things. Your suggestion of = pass protecting the pdf's sounds like my best option. >>=20 >> Best Regards, >> Steve >>=20 >> Govinda wrote: >>> I have not been paying attention in this area.. but I am going to = guess right now (and please show me those docs if you think I am wrong) = that that snippet from those docs is just saying that you as the = webmaster would perhaps like to name your directory where you keep your = encrypted files, "encrypted". But it might as well have suggested you = name that folder "creamFilling". I.e. it is just saying the obvious, = "name your directories well". >>> (?) >>>=20 >>> I don't see how you are going to encrypt PDFs with webdna because to = unencrypt them the webserver has to run them thru the webdna parser .. = and PDFs are not supposed to do that, right? ..that is just for = webpages with webdna tags in them. Or am I being dense somehow? >>>=20 >>> If you want to protect sensitive data in the PDF, why don't you look = at generating pass-protected PDFs (if you are generating them yourself). >>>=20 >>> -Govinda >>>=20 >>>=20 >>>=20 >>>=20 >>>> Hi Govinda, >>>>=20 >>>> Thanks for the links below. Unfortunately, I have already gone over = them. The only docs that are discussed being encrypted are templates. I = am looking for a way to encrypt mainly pdf files as some of the dpf's = contain sensitive info but should be accessible to certain users. >>>>=20 >>>> I thought there may be a way to encrypt an entire directory as the = statement below is included in the WebDNA docs: >>>>=20 >>>> "Another example that would encrypt a file named "filename" from = your disk and copy it in an /encrypted directory:" >>>>=20 >>>>=20 >>>> Thanks for your reply. >>>>=20 >>>> Regards, >>>> Steve >>>> . >>>> Govinda wrote: >>>>=20 >>>>=20 >>>>> Hi Steve >>>>>=20 >>>>> I have not done that in so long.. that I do not know if this is up = to date.. But: >>>>>=20 >>>>>=20 >>>>> http://docs.webdna.us/ >>>>>=20 >>>>> (Click "Appendices ", and "Appendix D - How to create encrypted = templates") >>>>> leads to: >>>>>=20 >>>>> http://docs.webdna.us/pages.html?context=3DEncryptedTemplates.html >>>>>=20 >>>>>=20 >>>>> I used to encrypt files that way, but I never tried to encrypt a = whole folder of stuff. >>>>>=20 >>>>> -Govinda >>>>>=20 >>>>>=20 >>>>>=20 >>>>>=20 >>>>>=20 >>>>>> Hi, >>>>>>=20 >>>>>> Up until now I have only been using [encrypt] and [decrypt] for = fields stored in a database. I now have the need to protect some stored = pdf's. The docs mention encrypting directories and files but fall short = of syntax examples on how to do this. Is it possible to encrypt = directories and files with WebDNA's [encrypt]? If so, could someone = explain how to do so or provide syntax examples? >>>>>>=20 >>>>>> Thank you, >>>>>> Steve >=20 > --------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > archives: http://mail.webdna.us/list/talk@webdna.us > Bug Reporting: support@webdna.us Govinda

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

How To question on setting up downloads (1997) [searchString] (1997) Problem (1997) Problems appending to database (1997) transferring values (1998) adding time (2003) Calendar (1997) StartAT and shownext (2000) How to Sort Summ data ? (1997) Re[2]: Enhancement Request for WebCatalog-NT (1996) Cumulative Shipping charge calculations - your help please. (1997) WebCat2b13MacPlugIn - [include] doesn't allow creator (1997) SandBox and ImageMagick (2003) Some shell fun (2004) Upgrading old WebCat Database Files (1997) Credit card issuer by cc number? (1999) RE: creating writefile data from a nested search (1997) Getting Values into Cart the easy way?* (1998) Field names beginning with Reg.. (2002) WebMerchant - fixed, now trigger question... (1999)