dongyi5570 2013-05-03 05:37
浏览 23

有没有办法加密文件(并在运行中解密),以便它们无法访问 - 即使是root用户? [关闭]

I have some highly confidential documents pertaining to a stealth mode startup venture. They live in a directory outside public_html on the server at my web host. I wrote a system that allows select people to view them (one time only - they're not even in the browser cache) but for all my stealth and security, the one vulnerability I have is the people who work at my web host.

I know I could solve this by setting up my own web server in my home, but (A) it's against my ISP's TOS, and (B) I don't really have the sysadmin chops for truly locking it down.

If I encrypt them, I'd have to be able to decrypt them on the fly for people to view (once they've signed an NDA) -- but in order to decrypt them on the fly, I'd have to have a decryption key (visible) in some file somewhere, wouldn't I?

Thoughts? Comments? Suggestions? Thanks!

  • 写回答

1条回答 默认 最新

  • doubianyan9749 2013-05-03 06:08
    关注

    First of all, lets say you implement a system where the host cannot read the files on disk (say, by giving the authorized user the private key they need and then uploaded an encrypted version just for them). The host is free to sniff out and log all outgoing traffic at the hardware or operating system level, defeating the scheme completely. If information is in clear text at any time on or across the hosts hardware, it if theirs to look at if they want to do so.

    The alternative is uploading an encrypted file for a specific user, and then separately (not using the host) sending them the private-key they need, which they download from the host and then decrypt on their local system. If you worry they can then resend the clear text they obtain, yes - yes they can. But they could do that already if it was readable in their browser, they just had to screen cap or save the page out, or use a localhost proxy, or a half-dozen other options they could use.

    Encryption controls access to information to a key-holder - but that's it. If there's anything better than that, I'm sure the NSA would like a conversation.

    评论

报告相同问题?

悬赏问题

  • ¥20 数学建模,尽量用matlab回答,论文格式
  • ¥15 昨天挂载了一下u盘,然后拔了
  • ¥30 win from 窗口最大最小化,控件放大缩小,闪烁问题
  • ¥20 易康econgnition精度验证
  • ¥15 msix packaging tool打包问题
  • ¥28 微信小程序开发页面布局没问题,真机调试的时候页面布局就乱了
  • ¥15 python的qt5界面
  • ¥15 无线电能传输系统MATLAB仿真问题
  • ¥50 如何用脚本实现输入法的热键设置
  • ¥20 我想使用一些网络协议或者部分协议也行,主要想实现类似于traceroute的一定步长内的路由拓扑功能