Forum Moderators: phranque
I was wondering if anyone knows of a module that encrypts the files that the Apache web server reads or writes to. Basically I'm in a position where I'm using a wiki as a documentation system. The wiki is written in PHP and saves the content as text files. I'm trying to make sure that the system administrator of the OS (different from one responsible for the wiki) doesn't have access to read these files. I can modify the Apache configuration as I like (load any modules, etc.). Does such a module exist? Thanks.
This is an access-control and privileges problem and should be addressed as such, rather than as an encryption problem; Anything that you can encrypt, the admin can decrypt, so you would be wasting a lot of CPU resources and slowing down the site for little gain.
If there is something you don't trust the admin to see, then either that person should not be the admin, or a re-assessment of the admin's privileges on this server needs to be made by whoever runs the IT department.
Jim
Thank you for your reply. You're right. But there are situations where:
* this would be useful
* it's not easy to change the current access-control / privileges
For such situations, a module like this would be useful in these situations. Also, it doesn't have to be straight-forward for the admin to get the password. Sure you can't protect from a determined sys admin that is really determined, but for most other cases, you could protect the pages.
