
This node falls below the community's minimum standard of quality and will not be displayed.
Re^3: Protecting Personal Files within a Perl Website!
by Golo (Friar) on Jul 30, 2004 at 18:08 UTC
    What about if the data is super sensitive? Am I not covered with basic http auth over ssl ?!?! This isn't safe enough in this occasion?
    Again (as others have pointed out already): If your data is super sensitive you should not put it on a webserver. IMHO, not even on a system connected to the internet at all.
    Please also note that SSL/SSH are just protecting the transfer of that data and your password from (easy) eavesdropping. They do not protect the files lying on the server's filesystem themselves.
    That means you should consider where your server is located, who has access (physical, system and network) to it (like other users, admins), if backups are taken (which means your precious super sensitive data is being copied to other media which you might not have any control over), also think about other ways someone could gain access to that server and your data.
    Of course (as mentioned before as well) properly encrypting those files will provide a decent protection using tools like GPG or PGP.
    Another (or additional) way could be to hide your (encrypted) data using steganography - that means hiding your data in other data, like a picture so that nobody even knows that there is sensitive data. Take a look at http://www.jjtc.com/stegoarchive/stego.html for more.

    But as with all encryption, there is no way to 100% secure your data. And as protection and comfort are usually conflictive, you should sit back and think a couple of minutes about how sensitive that data really is and then decide on what risks are acceptable.
    And again, if that data really is super sensitive, you should not put it on any publicly accessible system. Simple as that ;-)
Re^3: Protecting Personal Files within a Perl Website!
by waswas-fng (Curate) on Jul 30, 2004 at 16:12 UTC
    Given your history, I think that if you have sensitive data on a web server the only way to protect it would be to have someone else write the Perl code for you (until you grasp the language and security risks involved better).


    -Waswas