Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add ability to remove file securely #181

Closed
matthewadams opened this issue Oct 1, 2015 · 5 comments
Closed

Add ability to remove file securely #181

matthewadams opened this issue Oct 1, 2015 · 5 comments

Comments

@matthewadams
Copy link

I need to be able to delete a file and completely remove any trace of its presence.

If there were methods like removeSecurely, or the remove method were enhanced to take an options parameter with a setting like { secure : 'zeros' } or { secure : 'random' }, which would write zeros or random data, respectively, over the file's content before removing, it'd be just jim-dandylicious.

@jprichardson
Copy link
Owner

While I really like this idea, I'm not sure that it belongs in this library and not some specialized library.

This is because...

  1. The naive implementation would be exactly as you describe and how I would have approached the problem initially as well. But would it actually securely delete the file or would it just make the user think the file is securely deleted? i.e. are there scenarios where more is required? Perhaps multiple passes? Perhaps some time delay between each pass? Should the behavior be different on a hard drive with a rotating platter vs that of a solid state drive? And what is defined by "securely" deleting - I realize there are some very sophisticated methods for recovering files - does "secure" mean that it should thwart all of them? I don't know the answer to some of these questions, but I'd want them answered before proceeding.
  2. My priority for this library is getting to 1.0. This may get in the way of that as it carries additional complexity to maintain and implement. That isn't to say that fs-extra wouldn't ever cary such a feature, but it shouldn't be a priority at the moment.

What are your thoughts?

@matthewadams
Copy link
Author

@jprichardson Your questions are good'n'thoughtful. I agree that this may be too device-dependent, and I don't think it's crucial for 1.0.

Perhaps I should spend some time looking into (and asking around about) the underlying OSes' secure deletion functionality.

@jprichardson
Copy link
Owner

Closing this for now. Ping me when you have answers to some of these questions or you have found a module to do this.

@matthewadams
Copy link
Author

I spent a small amount of time researching and came to the conclusion that this is not something that can be done portably yet. In fact, I'm not even sure that it's portable on a single OS across different storage media yet. I guess the need for secure deletion isn't pervasive enough to warrant support in storage devices, where each different storage device could offer a secure delete API, and the OS could offer a secure delete API that delegates to the storage device's secure deletion API.

@jprichardson
Copy link
Owner

Thanks for the follow-up. It's a damn shame that this isn't a priority for OS/hardware manufacturers yet. Apple seems to be doing a decent job; I suspect in 5 years or so as demand for these sorts of things increases, manufacturers will start delivering.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

2 participants