encrypted pagestore?

I'm setting up a wiki for a client who is very concerned
about his 
information remaining secure... the site will only be
accessible via 
SSL, and only to logged-in users who have previously passed
a security 
check.

The trouble is, the site is hosted on a GoDaddy shared
server, where the 
only way to access the files is FTP.  I'm concerned that the
FTP 
password could be intercepted and all the stored data --
which is 
unencrypted on the server -- downloaded in minutes.  I just
got off the 
phone with GoDaddy, and setting up SCP or SFTP is not an
option for 
their shared servers, only for the virtual private ones
which cost 3x 
more.  So we're looking at changing the FTP password each
time we use 
it, which is a hassle and doesn't protect the actual data
from being 
intercepted during FTP transfer, should the client want to
back it up 
off-site.  Clearly if he is serious about security, a
different host or 
the more expensive hosting account is the only real
solution, and I'll 
advise him of that.

However... my question is, has anyone looked into writing an
encrypted 
pagestore, so that if wiki page files were downloaded or
intercepted it 
would not be immediately obvious what they were or how to
decrypt them? 
  I'm not very knowledgeable about encryption... what
routine would be 
most useful for such a purpose?  Is this even a worthwhile
venture?

Thanks in advance!  --Ben

_______________________________________________
pmwiki-devel mailing list
pmwiki-develpmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-devel

Ben Stallings schrieb:
> Is this even a worthwhile venture?
I think an encrypted PageStore will not solve your problem.
If somebody 
can access your page files, he might get your program files
as well. And 
somewhere you will have to tell PmWiki how to to decrypt
your page files.

Ansgar

P.S.: Apart from the FTP-problem you should think of setting

$EnableDirectDownload to 0  so that  the page permissions
can take 
effect for Attachments as  well. || 
<http://www.pmwiki.org/wiki/PmWiki/Uplo
adVariables#EnableDirectDownload>

_______________________________________________
pmwiki-devel mailing list
pmwiki-develpmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-devel

--- Ben Stallings <beninterdependentweb.com>
wrote:
...
> However... my question is, has anyone looked into
> writing an encrypted 
> pagestore, so that if wiki page files were
> downloaded or intercepted it 
> would not be immediately obvious what they were or
> how to decrypt them? 

Let me try to understand your threat model a little
better.  This model will help suggest a solution.

Are you concerned with an attacker:

1) who can sniff your ftp transfer of these files
(sounds like yes?)

2) who can sniff your ftp password and therefor even
access the files once they are on the server (sounds
like yes also?)

3) who has root access on the server (i.e. godaddy
sysadmins?)

-If you are only concerned with #1 there are ways of
encrypting the files before transferring them and
decrypting them afterwards allowing you to use
unencrypted ftp.

-If you are only concerned with #1 and #2, an
encrypted pagestore which is decrypted on the fly with
the browsing user's password would be helpful to you. 
There is a PITS for this here:

  http://pmwiki.org/w
iki/PITS/00545

This is conceivably possible, the hard part as
mentioned in the PITS is managing the keys.  

I actually began work on such a project last summer 
and got to the point of being able to encrypt and
decrypt the pagestore.  I did not get very far in the
key management area though, I was planning on
implementing the key management scheme that I proposed
at the bottom of the PITS page.  I could provide my
code if you are interested in finishing the project,
or hiring me or someone else to finish it. 

-If you are concerned with all three of these threats
then you are probably SOL since a root user can always
access memory to view the decrypted content of the
files when they are being decrypted for on the fly
viewing.

Good luck,

-Martin



     
____________________________________________________________
________________________
Be a better friend, newshound, and 
know-it-all with Yahoo! Mobile.  Try it now.  http://mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9
tAcJ 


_______________________________________________
pmwiki-devel mailing list
pmwiki-develpmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-devel

On Sat, 5 Jan 2008, Martin Fick wrote:

> 3) who has root access on the server (i.e. godaddy
sysadmins?)
>
> -If you are concerned with all three of these threats
then you are 
> probably SOL since a root user can always access memory
to view the 
> decrypted content of the files when they are being
decrypted for on the 
> fly viewing.

I think there's also a threat situation where non-root users
on the server 
can read files in wiki.d/, e.g. 'apache'.  In this case,
having the files 
encrypted could help, although key management is still a
problem.

/Christian

-- 
Christian Ridderström, +46-8-768 39 44               http://www.md.kth.se/~chr
_______________________________________________
pmwiki-devel mailing list
pmwiki-develpmichaud.com
http://www.pmichaud.com/mailman/listinfo/pmwiki-devel