[Owncloud] Re: GSOC brainstorming.
Hasanat Kazmi
hasanatkazmi at gmail.com
Thu Jan 27 18:52:11 UTC 2011
On Thu, Jan 27, 2011 at 4:26 PM, Fabio Alessandro Locati
<flocati at grimp.eu> wrote:
> I would like to ask about the security of this system. How can I be sure
> where my data are and who can see them?
One way of securing the content is to zip it with password on fly.
Thats easily doable using built-in php modules. Moreover, every OS
nowadays has build in zipping & unzipping support.
But still the content of folders will be apparent to tracker server,
though it can't see whats inside the files. This can also be fixed by
using client-side JavaScript encryption.
About Client side JavaScript encryption:
You get folder list in encrypted from. Now the user enters password on
the webpage and it decrypts it on the fly (using js, without
communication with server). (It won't be slow because encrypted
content is very small) User can always have a glimpse on source of
webpage to ensure that it not tempered by tracker. Even if tracker is
somehow saving my decrypting password, it still can't look inside the
content.
Suggestions are welcome.
Hasanat Kazmi
+923464362473
More information about the Owncloud
mailing list