 Posted by Bret Hughes on 06/13/86 11:08 
On Tue, 2005-02-15 at 14:00, Richard Lynch wrote: 
> Matt M. wrote: 
> >> I have a database that contains encrypted data using Mysql function
> >> ENCODE(). Certain users will be allowed to view this data and I will
> >> allow them to download a CSV file containing the decrypted data using
> >> the Mysql DECODE() function. However I don't want this file to be left
> >> on the server, is there a way to ensure that the file is deleted
> >> immediately after it has been downloaded?
> > 
> > http://us4.php.net/unlink 
>  
> PS If the data is REALLY sensitive, you may want to look into command line 
> tools to actually ERASE the data instead of just doing unlink. 
>  
> 'unlink' only nukes the directory information to find the file.  The file 
> contents still exist, intact, and there are tools to mine un-linked files 
> to find content. 
>  
> Hard Drive forensics experts can even manage to retrieve over-written 
> files based on some very very very expensive/hard analysis of the magnetic
> fields -- Sort of like reading through scratched out stuff on paper by 
> holding it up to the light, only a lot more technical and a lot more 
> expensive...  It's unlikely you need to worry about *THAT* though, as I 
> understand it... 
>  
 
As Richard pointed out, the unlink will leave the data on the disk but
simply remove the directory pointers to it.  If physical security of the
box is an issue then overwriting the file with random data and then
unlinking it might be a decent solution.  If a file is opened for
writing I suspect it depends on the operating system as to whether the
same disk blocks are used, so overwriting a file might not actually
overwrite the data on the disk.  It should, however, at least change the
directory entry enough that someone with access to the box will not be
able to use a simple undelete utility to retrieve the file.
 
Bret
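
The overwrite-then-unlink approach discussed in this thread, as an added example that is not part of the original messages: it overwrites the file in place with random bytes, flushes, then unlinks, and wraps the download so cleanup still runs if the client disconnects. The function names and the "export.csv" download name are hypothetical.

```php
<?php
// Added example, not code from the thread. Function names and the
// "export.csv" download name are hypothetical.

function overwrite_and_unlink(string $path, int $chunk = 65536): bool
{
    // 'r+b' opens the existing file without truncating it. Mode 'w' truncates
    // first, after which the filesystem may allocate different blocks and
    // leave the old contents untouched on disk.
    $fh = fopen($path, 'r+b');
    if ($fh === false) {
        return false;
    }
    $remaining = fstat($fh)['size'];
    $ok = true;
    while ($remaining > 0) {
        $written = fwrite($fh, random_bytes(min($chunk, $remaining)));
        if ($written === false || $written === 0) {
            $ok = false;
            break;
        }
        $remaining -= $written;
    }
    $ok = fflush($fh) && $ok;
    if (function_exists('fsync')) {          // fsync() exists from PHP 8.1
        $ok = fsync($fh) && $ok;
    }
    fclose($fh);
    return unlink($path) && $ok;             // unlink even if the overwrite failed
}

function send_and_destroy(string $path): void
{
    ignore_user_abort(true);                 // keep running if the client disconnects
    try {
        header('Content-Type: text/csv');
        header('Content-Disposition: attachment; filename="export.csv"');
        readfile($path);
    } finally {
        overwrite_and_unlink($path);         // runs on success and on exceptions
    }
}

if (PHP_SAPI === 'cli') {
    // Constructed sample data for a stand-alone run.
    $tmp = tempnam(sys_get_temp_dir(), 'csv');
    file_put_contents($tmp, "id,secret\n1,constructed-value\n");
    var_dump(overwrite_and_unlink($tmp), file_exists($tmp));
}
```

Whether the overwrite lands on the original blocks still depends on the operating system and filesystem: journaling or copy-on-write filesystems and flash wear levelling can keep the old data elsewhere on the device.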
 
  