[nycphp-talk] keeping a file secure
velez at sinu.com
Wed Aug 13 23:15:37 EDT 2003
I would recommend Groove (If they use Windows desktops) - http://www.groove.net/ (free for limited use)
It is P2P so file size and firewalls are not an issue, it works offline and it was built with security in mind from the very
beginning, meaning sensitive data is safer than on their own hard drive. We have used it for 2+ years and love it.
| Larry Velez | http://sinu.com |
From: talk-bounces at lists.nyphp.org [mailto:talk-bounces at lists.nyphp.org] On Behalf Of Michael Southwell
Sent: Wednesday, August 13, 2003 11:09 PM
To: talk at lists.nyphp.org
Subject: [nycphp-talk] keeping a file secure
A client has asked to use his website as a convenient access point for him
and a partner to use for transferring very large (presumably too large for
email) and sensitive (financial) files.
I am thinking that this can be done reasonably safely and very simply via
ftp as follows:
1. use the host's ftp password system to secure the connection, and use
any common ftp program
2. encrypt the file locally before uploading
3. upload it, for convenience to a designated subdirectory but I can't see
that it really matters
4. then the other guy gets it, decrypts it, changes it, and puts it back, etc. If anybody were somehow able to deduce the existence
of this file and get
it (which I know is easy; just point a browser at it and if it's not a
standard type it will be downloaded), it would be incomprehensible.
An alternative would be to write a script using authentication which then
uses fputs and fgets to move the file back and forth (but I may be
*seriously* screwed up on this). There would probably be some issue with
write permissions on the host.
The first scheme seems much simpler and, as I said, reasonably safe.
Ideas, advice, warnings?
Michael G. Southwell =================================
81 South Road
Bloomingdale, NJ 07403-1419
973/492-7873 (voice and fax)
southwell at dneba.com
More information about the talk