frisi
commented
8 years ago @agroszer, @mgedmin and @strichter as you are the people that contributed to this package and are listed as owners on pypi i'm mentioning your names here.
we are trying to add support for encrypting files in the blobstorage and would like to get your feedback on the work done by now.
encryption is working well - i think. decryption is done by creating a temporary decrypted file in $INSTANCE_HOME/var/tmp and return its filename instead of the filename of the original blobfile.
@pcdummy already started to implement "junk encoding" the files to save ram and gain performance. we'd need to use https://github.com/webmeisterei/keas.kmi/tree/enc_dec_file to get this working.
one of the open issues is the "garbage collection" of encrypted files in $INSTANCE_HOME/var/tmp. a simple idea would be to delete files older than 2 minutes that are not yet opened using cron. ideally loadBlob and storeBlob should work with filedescriptions instead of passing filenames and data. this way we could return enc- and decrypted streams and do not worry about cleaning up temporary files.
we'd love to get your feedback. what needs to be done to get this merged?
we are happy to add tests for our blob related additions as soon as we got your feedback and and can be sure this gets merged. maybe you could help us to fix the tests?
mgedmin
jochumdev
We implemented Bob encryption here. Its a bit of a hack as
keas.kmiandZODBdoen't support file streams/fd passing.So we have to save the encrypted file somewhere on the filesystem and return the filename of that temporary encrypted file.
Is there a better way to solve this?