[Zope] How do I encrypt files in the ZODB

J Cameron Cooper jccooper@jcameroncooper.com
Mon, 21 Jul 2003 17:09:48 -0500


>
>
>I recently finished my first project in Zope! A file
>managements system with it's own admin screens.
>
Congrats.

>I have recently received requirements for the next version
>in which the client is asking that the contractors have
>access to everything but the PDFs that have been uploaded.
>I know that I could encrypt the PDFs before that they are
>uploaded but the secretaries that do it it have a hard
>enough time just creating PDFs.
>
I don't follow, in that I don't see encryption in those requirements. 
Just use Zope's permissions mechanism to set the relevant files 
(presumably on upload) such that you don't allow whomever you don't want 
to see them to see them.

>This leads me to my subject. How do I encrypt files in the
>ZODB? With regards to just PDFs.
>
>Something in Python?
>A product that I missed?
>A How To that I missed?
>Upload the files to a external file system that is
>encrypted?
>  
>
But if you really want to encrpy something (and, really, security 
restrictions are just as good unless you're [a] holding very very 
valuable documents or [b] incredibly paranoid or [c] are at high risk 
for break-in or internal monkey-business) go find a security library for 
Python and throw the files through as they come in. It's probably a 
three-line operation.

Where does one get one of those? Try Google on 'python encrypt'. Some 
promising links from that very search:

http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/132540
http://www.post1.com/home/ngps/m2/howto.smime.html
http://home.pacific.net.au/~twhitema/des.html

One could, of course, use one of the encrypted filesystems in lieu or 
for good measure, keeping in mind that this will only protect from 
breaches of physical security (an online hack is not troubled by such a 
thing, in general.)

An aside: for encrypted remote filesystems, check out the arcane but 
cool Self-certifying File System:
http://www.fs.net/sfswww/

          --jcc