coppermine-encryption-to-protect-your-data-possible

Started by uran235, October 08, 2014, 12:21:49 PM


uran235

Hello,
I have not yet installed coppermine. It looks great tho, but I can't find an important feature for me as I have got a shared hoster and I think I can't have trust in shared hosters. They could access all my files if they want to.
So a password-protection does not work and is not secure.

I see that owncloud offers encryption for people who don't have a very own server (see https://owncloud.org/blog/how-owncloud-uses-encryption-to-protect-your-data/).
Is this possible for coppermine, too? If no maybe someone has the knowledge to do it?!

That would be cool, that's all folks, thank you

Αndré

If you encrypt the data, all your people who should be able to view your gallery (= your visitors) need to have the key to decrypt the data, which also means they cannot access your gallery with their browser (as far as I know). Is this really what you're looking for?

uran235

Hello Αndré,
You are right. I want that people can see my pics if I want.

I don't know how owncloud-encryption works but tho my files are encrypted on my shared-host I can share links to my files and folders and users can see it without key. Of course with my permission.
So it seems it would be possible.

Αndré

Quote from: uran235 on October 08, 2014, 12:36:07 PM
I don't know how owncloud-encryption works but tho my files are encrypted on my shared-host I can share links to my files and folders and users can see it without key.

I don't know how exactly ownCloud works, but I assume in this case your hosting provider can also see those files, as you (actually, your visitors) send all needed data to the server. Maybe I'm wrong, can you please post an example link?

If you really don't trust your hosting provider, you either need to encrypt and decrypt your files client-sided or you need to host yourself.

uran235

In my first post I posted a link which "explains" how ownCloud encryption works.

Unfortunately I have no idea how to post an example BUT if I login with FTP on my server and download my OWNCLOUD files to my PC I can't open the files. Because they are encrypted.

Only if I login via Browser with my password I can access my files. And the password is s.th. which my shared host does not have. So it is secure.

Quote
The Encryption app

The goal of the Encryption app is to protect data on external storage. All files sent there will be encrypted by the ownCloud server, and upon retrieval, decrypted before serving them to you (or those you shared them with). The key to decrypt the data never leaves the ownCloud server. This makes the ownCloud Encryption app a great tool to benefit from cloud storage offered by services like Dropbox or Google Drive while ensuring security and privacy of your data!

Using the Encryption app is very simple. Just enable the app and the first time you log in again it will start to encrypt your data. If you later decide to disable the Encryption app, it will provide the option to decrypt your files in your personal settings. Please note that you should be very careful not to lose your login password as you will lose access to your files. As admin you can set a recovery password. See the documentation for more details.

Keep in mind that the Encryption app only encrypts the content of your files. Filename and folder structures are not protected. You can read more technical details on the Encryption app in this blog post.

Αndré

Quote from: uran235 on October 08, 2014, 01:05:57 PM
I have no Idea how to post an example

Just post a link you referred yourself:
Quote from: uran235 on October 08, 2014, 12:36:07 PM
I can share links to my files and folders and users can see it without key

uran235

Okay, here is a LINK, would you be so kind and delete the link as I don't want it to be public. Thank you.
https://ssl-account.com/example.com/owncloud/public.php?service=files&t=0f622a404d1efe48bdd827e4ffe6f5fa

uran235

Thank you again for deleting this link. I would love to give you access to my owncloud files via FTP so you could really see that these files are encrypted. So access is not possible (at least I believe it ;) )

Αndré

I agree that access isn't possible at file system level. But once you share files or folders by link, your host is of course able to decrypt the shared data, as the "t" parameter is probably stored in an unencrypted database. At the latest when somebody visits that link (as I just did), your host could look in the web server's access logs and easily decrypt the data itself.

This sounds quite theoretical, but as you seem to be very scared about your data, I just wanted to point out that your data currently isn't as safe as you think.

Back to topic: Coppermine currently doesn't have such an encryption feature, as its purpose is not to create a personal archive with sharing feature, but a public gallery (with access restriction, if you like).
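
A simplified model of the share-link point made in the post above, added here as an example; it is not part of the thread and not ownCloud's actual implementation. The `Host` class, the toy cipher, the URL shape and the sample data are all assumptions; the model is even generous in that it never stores the token, yet the host still receives it with every request.

```python
import hashlib
import os

def kdf(secret: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 50_000)

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream. Toy cipher, for illustration only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

class Host:
    """Hypothetical shared host: disk, db and access_log are readable by its operator."""
    def __init__(self):
        self.disk, self.db, self.access_log = {}, {}, []

    def upload(self, name, plaintext, password):
        # A random file key encrypts the data; it is stored wrapped under the password.
        file_key, salt = os.urandom(32), os.urandom(16)
        self.disk[name] = toy_cipher(file_key, plaintext)
        self.db[name] = {"salt": salt, "pw_wrap": toy_cipher(kdf(password, salt), file_key)}

    def share(self, name, password):
        # Sharing re-wraps the same file key under a key derived from the link token.
        rec = self.db[name]
        file_key = toy_cipher(kdf(password, rec["salt"]), rec["pw_wrap"])
        token = os.urandom(16).hex()
        rec["token_wrap"] = toy_cipher(kdf(token.encode(), rec["salt"]), file_key)
        return token  # not stored in this model, only handed to the owner

    def public_get(self, name, token):
        # The token arrives in the URL, so it lands in the host's access log.
        self.access_log.append(f"GET /public?file={name}&t={token}")
        rec = self.db[name]
        file_key = toy_cipher(kdf(token.encode(), rec["salt"]), rec["token_wrap"])
        return toy_cipher(file_key, self.disk[name])

def demo():
    host, photo = Host(), b"constructed sample: private holiday photo bytes"
    host.upload("pic.jpg", photo, b"owner password")
    token = host.share("pic.jpg", b"owner password")
    served = host.public_get("pic.jpg", token)
    return {
        "ciphertext_on_disk": host.disk["pic.jpg"] != photo,
        "visitor_gets_plaintext": served == photo,
        "token_in_host_log": token in host.access_log[-1],
        "wrong_token_fails": host.public_get("pic.jpg", "00" * 16) != photo,
    }
```

Because the visitor supplies nothing but the URL and decryption happens on the server, everything needed to decrypt a shared file passes through the host; only files that were never shared stay protected by the owner's password alone.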

uran235


Αndré, thank you very much for explaining this to me. It really was a pleasure talking with you.

As I am really scared of my private DATA I will continue to use owncloud and hope they make such a good gallery as this one here..
   


phill104

Just to be clear, personal data can never really be personal on the web. If someone can view it then it is usually quite easy for anyone to view it. Quite often when we see requests like this it is from people who do not want law agencies to see their image but in most cases they would use other methods such as those Andre detailed.

Rather than thinking about encryption, maybe just keep low res and watermarked images in your gallery and if you want others to see the high res version send that directly. Surely that way, unless your images are a bit iffy then password protection is enough?
It is a mistake to think you can solve any major problems just with potatoes.

uran235

I know that 100% security is never possible. And I only know a little bit of how complicated encryption is. One little mistake and..

Well really, my pics aren't illegal or s.th.; but they are private. And yes, I don't want anyone, who is not permitted, to see my private pics. That is what I understand of privacy.
And my owncloud files. I have private and not private files. I do not share private files as sharing makes encryption vulnerable. So if I really want to show s.o. my private pics (e.g. close family members) I print them out or put it on a USB stick and give it to people I trust (yes, I know this can be dumb..)
That's why I thought this encryption feature would be very interesting for me so I could use coppermine, too. I really think it is an outstanding gallery. I just miss this little feature. But of course I respect your opinion, too. Thank you for your feedback.

phill104

Best bet would be to use a plugin we have. It makes all the files readable only through coppermine as it chowns the files on the fly. Not quite encryption but does stop anyone browsing to your images.

Glad you didn't take my comment about iffy images the wrong way, it was a general observation and not directed squarely at you. In the past we have had quite a few iffy sites.