tonyb
I would like to know if there's any method of encrypting the text files in the data folder? Ideally so dokuwiki reads encrytped text, decrypts it, displays it, then encrypts the change(s) back.
I want to pitch Dokuwiki for my company , but they are obsessed with securing the data especially if we're going to put customer account details in the wiki. When I mentioned dokuwiki doesn't need a db backend to store the data they inquired if the file based method was secure .. I haven;t seen any mention of encryption engines or plugins that could be placed between the disk IO layter and the wiki engine to encrypt/decrypt while reading and writing the data , just curious..
-tony
chi
Well, one of the main reasons for the decision to use text files as backend in DokuWiki was easy accessibility of the data. So, for your scenario it might not be the ideal choice. Also, if you'd had a way of having the data files encrypted you had to disable caching for example, because otherwise the rendered XHTML output of every page is cached in data/cache - which would render any encryption of the textfiles useless.
On the other hand, having a db backend to store the data wouldn't make the data more safe if it's not encrypted too. Databases store their data in files too ;-).
So, in the end it's the same as when you use sth. with a db backend. You have to secure the access to the service itself too to be on the safe side.
andi
Oh and you'd need some secret key that is used for encrypting/decrypting that you would need to store in plaintext so DokuWiki can use it. Which again would render encryption useless.
The best option would be to use a encrypted filesystem instead (truecrypt or something similar).