Wipe and Rails? (secure file deletes)

Bill Walton wrote:

> I want to use secure file deletes in my app so that the
files are 
> irretrievable after deletion (the files contain
personal health 
> information).  My hosting service has Wipe installed 
> (http://wipe.sourceforge.
net/).  I'd really appreciate hearing from anyone 
> who has any experience with doing secure file deletes
within a Rails app. 
> Is Wipe the best tool to use?  I've never used any of
the utilities that 
> are out there for this.

Don't you have 'shred' from the command line? Would this
work?

  system("shred insecure_file.dat -zu &")

Note the command detaches with &, so a slow shred won't
slow down your 
server's response.

And note that you cannot guarantee security like this; you
must start with 
your server's physical security. All kinds of artifacts from
the information 
will remain on your hard drive.

-- 
  Phlip
  http://f
lea.sourceforge.net/PiglegToo_1.html


--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talkgooglegroups.com
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribegooglegroups.com
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---

Hi Phlip,
Phlip wrote:

> Don't you have 'shred' from the command line?
> Would this work?
>
>  system("shred insecure_file.dat -zu &")
>
> Note the command detaches with &, so a slow
> shred won't slow down your server's response.

Thanks for the note on '&'.  I just checked and shred is
available, but I 
didn't know about the detach option.  I've been looking for
something 
asynchronous to avoid a negative impact to the visitor
experience.  I was 
also hoping for something that was more integral to the file
system.  Do you 
have any experience with srm? (http://srm.sourceforge.ne
t/ )

> And note that you cannot guarantee security like this;
> you must start with your server's physical security.
> All kinds of artifacts from the information will
remain
> on your hard drive.

This is my first 'dive' into this and, yeah, it's pretty
complicated.  Looks 
like I need to know, at a minimum, the type of devices in
use, the setup of 
the devices wrt RAID, and the file system in use.  I'm
beginning to wonder 
if my goals are achievable on an VPS setup.  Any experience
/ opinions much 
appreciated.

Best regards,
Bill



--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the
Google Groups "Ruby on Rails: Talk" group.
To post to this group, send email to rubyonrails-talkgooglegroups.com
To unsubscribe from this group, send email to
rubyonrails-talk-unsubscribegooglegroups.com
For more options, visit this group at http://groups.google.com/group/rubyonrails-talk?hl=en
-~----------~----~----~----~------~----~------~--~---