NYCPHP Meetup

[nycphp-talk] keeping a file secure

Michael Southwell southwell at dneba.com
Wed Aug 13 23:08:46 EDT 2003


A client has asked to use his website as a convenient access point for him 
and a partner to use for transferring very large (presumably too large for 
email) and sensitive (financial) files.

I am thinking that this can be done reasonably safely and very simply via 
ftp as follows:
1.  use the host's ftp password system to secure the connection, and use 
any common ftp program
2.  encrypt the file locally before uploading
3.  upload it, for convenience to a designated subdirectory but I can't see 
that it really matters
4.  then the other guy gets it, decrypts it, changes it, and puts it back, etc.
If anybody were somehow able to deduce the existence of this file and get 
it (which I know is easy; just point a browser at it and if it's not a 
standard type it will be downloaded), it would be incomprehensible.

An alternative would be to write a script using authentication which then 
uses fputs and fgets to move the file back and forth (but I may be 
*seriously* screwed up on this).  There would probably be some issue with 
write permissions on the host.

The first scheme seems much simpler and, as I said, reasonably safe.

Ideas, advice, warnings?

Michael G. Southwell =================================
DNEBA Enterprises
81 South Road
Bloomingdale, NJ 07403-1419
973/492-7873 (voice and fax)
southwell at dneba.com
http://www.dneba.com
======================================================





More information about the talk mailing list