Check out the new USENIX Web site. next up previous
Next: Update Up: Publius Previous: Retrieve

Delete

It is desirable for Alice to be able to delete her Publius content from all servers, while nobody else should be able to delete this content. To achieve this, just before Alice publishes a file she generates a password PW. Alice then sends the encrypted document, share and to the servers that will be hosting Alice's published document. is the hash of the domain name of the server concatenated with a password PW. The server stores this hash value in the same directory as the encrypted file and the share, in a file called password. The reason this value is stored as opposed to just the PW or H(PW), is that it prevents a malicious server from learning the password and deleting the associated Publius content from all other servers that are hosting it. We implemented delete as a CGI script running on each server. To delete Publius content, Alice sends to each hosting server, along with the namei that corresponds to the that server. The server compares the password received to the one stored, and if they match, removes the directory matching the namei, and all of the files in it.
next up previous
Next: Update Up: Publius Previous: Retrieve
Avi Rubin
2000-06-13