I want to create an application where users can upload their secret documents. Secret means no one can see the document; even the super admin of the server can't see it. In other words, I want system-level authentication. Is there a way to do it with Django? How should I overcome this problem? I have a VPS to store files, but I want to create a separate document folder for each user which can only be accessed by that user, not even by me or by the server admin. Any ideas would be appreciated. What should my approach be?
-
You cannot protect information from a server admin. By definition, they have access to everything. – Maximilian Burszley Nov 30 '18 at 19:11
-
Oh. So what should be the way to keep the VPS owner away from the files? Let's say I have bought a VPS which I'm using as a Django application host. I want to protect the users' files from myself, so that I can be sure that I don't have access to user files. – root Nov 30 '18 at 19:21
-
You cannot. As long as you're able to have administrator or root access, it's impossible to deny yourself that access. This is the purpose of least privilege practices: you should never have administrator/root access. – Maximilian Burszley Nov 30 '18 at 21:10
-
A better solution might be to encrypt the documents. – snakecharmerb Dec 01 '18 at 08:51
-
Thank you @snakecharmerb I'd love to hear more about it. – root Dec 02 '18 at 13:10
-
@snakecharmerb Which algo to use, and what pros and cons does it have, etc.? – root Dec 02 '18 at 13:10
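
The encryption suggested in the comments above, as an added example that is not part of the original thread: the document is encrypted on the user's device with a key derived from a passphrase only the user knows, so the server (and its admin) only ever stores ciphertext. The function names, the blob layout, the `docId` binding and the scrypt parameters are assumptions made for illustration; the calls are from Node's built-in `crypto` module.

```javascript
// Added example, not code from the thread. All names and the blob layout are hypothetical.
const crypto = require('node:crypto');

// scrypt cost parameters (assumed values); maxmem is raised so that N = 2^15 fits.
const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Derive a 256-bit key from the user's passphrase. The salt is not secret.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase, salt, 32, SCRYPT);
}

// Runs on the user's device. Returns the blob to upload:
// salt(16) || nonce(12) || tag(16) || ciphertext
function encryptDocument(plaintext, passphrase, docId) {
  const salt = crypto.randomBytes(16);
  const nonce = crypto.randomBytes(12); // fresh per document, never reused with a key
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  cipher.setAAD(Buffer.from(docId)); // binds the blob to its document id
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), ciphertext]);
}

// Runs on the user's device after download. Throws if the passphrase is wrong
// or if the blob or its document id was altered while stored on the server.
function decryptDocument(blob, passphrase, docId) {
  if (blob.length < 44) throw new Error('blob too short');
  const salt = blob.subarray(0, 16);
  const nonce = blob.subarray(16, 28);
  const tag = blob.subarray(28, 44);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  decipher.setAAD(Buffer.from(docId));
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(blob.subarray(44)), decipher.final()]);
}

// Helper for checks: true when decryption is refused.
function rejects(blob, passphrase, docId) {
  try { decryptDocument(blob, passphrase, docId); return false; }
  catch { return true; }
}
```

The trade-offs: a forgotten passphrase makes the document unrecoverable, and the server can no longer index or preview content. The guarantee also holds only if encryption happens before upload, since anything decrypted on the server is visible to whoever has root there.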