[nycphp-talk] keeping a file secure

Analysis & Solutions danielc at analysisandsolutions.com
Wed Aug 13 23:14:59 EDT 2003


Hi Michael:

On Wed, Aug 13, 2003 at 11:08:46PM -0400, Michael Southwell wrote:
> A client has asked to use his website as a convenient access point for him 
> and a partner to use for transferring very large (presumably too large for 
> email) and sensitive (financial) files.
... snip ...
> 1.  use the host's ftp password system to secure the connection, and use 
> any common ftp program

Use sftp, which forms an ssh connection, so the passwords and files don't 
go through in the clear.


> If anybody were somehow able to deduce the existence of this file and get 
> it (which I know is easy; just point a browser at it and if it's not a 
> standard type it will be downloaded), it would be incomprehensible.

All of the web servers I've been involved with have a user's home dir and 
the user's dir in the web document root.  Keep the stuff in the user dirs, 
not the web dirs.  This way they won't even be accessible via the web.

Enjoy,

--Dan

-- 
     FREE scripts that make web and database programming easier
           http://www.analysisandsolutions.com/software/
 T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
 4015 7th Ave #4AJ, Brooklyn NY    v: 718-854-0335   f: 718-854-0409
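
Added example (not part of Dan's message or the original thread): a Python audit of the "keep it out of the web dirs" layout described above. The `public_html` and `private` directory names and the sample file are constructed assumptions, and the example goes slightly beyond the post by also flagging symlinks from the document root into the storage directory and group/other permission bits, both of which matter on shared hosting.

```python
import os
import tempfile

def inside(path, root):
    """True if path, with symlinks resolved, lies within root."""
    path, root = os.path.realpath(path), os.path.realpath(root)
    return os.path.commonpath([path, root]) == root

def audit(storage_dir, docroot):
    """Return (path, problem) findings for a directory meant to stay off the web."""
    findings = []
    if inside(storage_dir, docroot):
        findings.append((storage_dir, "inside document root"))
    # A symlink under the document root pointing into storage re-exposes it.
    for base, dirs, files in os.walk(docroot):
        for name in dirs + files:
            link = os.path.join(base, name)
            if os.path.islink(link) and inside(link, storage_dir):
                findings.append((link, "symlink from document root into storage"))
    # On shared hosting, other local accounts can read files with these bits set.
    for base, _dirs, files in os.walk(storage_dir):
        for name in files:
            path = os.path.join(base, name)
            if not os.path.islink(path) and os.stat(path).st_mode & 0o077:
                findings.append((path, "group/other permission bits set"))
    return findings

def demo():
    """Constructed layout: a home dir holding public_html (web) and private."""
    with tempfile.TemporaryDirectory() as tmp:
        docroot = os.path.join(tmp, "home", "client", "public_html")
        private = os.path.join(tmp, "home", "client", "private")
        os.makedirs(docroot)
        os.makedirs(private)
        report = os.path.join(private, "constructed-report.dat")
        open(report, "w").close()
        os.chmod(report, 0o600)
        clean = audit(private, docroot)          # correct layout: no findings
        os.chmod(report, 0o644)                  # now readable by other accounts
        os.symlink(private, os.path.join(docroot, "files"))  # web path into storage
        exposed = audit(private, docroot)
        nested = audit(os.path.join(docroot, "uploads"), docroot)
        return clean, exposed, nested

if __name__ == "__main__":
    for label, result in zip(("clean", "exposed", "nested"), demo()):
        print(label, [problem for _path, problem in result])
```
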


