NYCPHP Meetup

[Larry Velez]

I would recommend Groove (If they use Windows desktops) - http://www.groove.net/ (free for limited use)
It is P2P so file size and firewalls are not an issue, it works offline and it was built with security in mind from the very
beginning, meaning sensitive data is safer than on their own hard drive.   We have used it for 2+ years and love it.

| Larry Velez | http://sinu.com |

-----Original Message-----
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Michael Southwell
Sent: Wednesday, August 13, 2003 11:09 PM
To: talk at lists.nyphp.org
Subject: [nycphp-talk] keeping a file secure


A client has asked to use his website as a convenient access point for him 
and a partner to use for transferring very large (presumably too large for 
email) and sensitive (financial) files.

I am thinking that this can be done reasonably safely and very simply via 
ftp as follows:
1.  use the host's ftp password system to secure the connection, and use 
any common ftp program
2.  encrypt the file locally before uploading
3.  upload it, for convenience to a designated subdirectory but I can't see 
that it really matters
4.  then the other guy gets it, decrypts it, changes it, and puts it back, etc. If anybody were somehow able to deduce the existence
of this file and get 
it (which I know is easy; just point a browser at it and if it's not a 
standard type it will be downloaded), it would be incomprehensible.

An alternative would be to write a script using authentication which then 
uses fputs and fgets to move the file back and forth (but I may be 
*seriously* screwed up on this).  There would probably be some issue with 
write permissions on the host.

The first scheme seems much simpler and, as I said, reasonably safe.

Ideas, advice, warnings?

Michael G. Southwell =================================
DNEBA Enterprises
81 South Road
Bloomingdale, NJ 07403-1419
973/492-7873 (voice and fax)
southwell at dneba.com
http://www.dneba.com