Code first, then an explanation:
<?php
header("Content-Type: application/octet-stream");
header("Content-Disposition: attachment; filename=\"".$_POST['filename']."\"");
$key = md5(rand());
echo $key;
$key = str_repeat($key,ceil(strlen($_POST['data'])/32));
echo $_POST['data'] ^ $key;
?>
What this does is allow me to POST data through a form (dynamically generated) and have the posted data be downloaded as a file.
I'm using a very basic XOR encryption that puts the (fixed-length, 32-byte) key at that start of the file. The intention is not to secure the data, but rather to obfuscate it.
Having such a file means that potentially anyone could POST whatever data they wanted to it and it would be offered as a download to the user's computer, but I believe a combination of the user having to accept the download, and the data being passed through XOR with a one-time key, is enough to prevent malicious use.
Is there any reason why I should not use such a file? Are there better alternatives to what I'm doing? Is application/octet-stream the appropriate MIME-type?
