NYCPHP Meetup

[nycphp-talk] keeping a file secure

Jon Baer jonbaer at jonbaer.net
Thu Aug 14 09:24:38 EDT 2003


a good method is to first secure apache allowing *only* viewing of .pgp
files and then setting up a vpn over an ftp connection (or sftp w/aes).
(the hosts ftp password is worth next to nothing, if the files are deemed
"sensitive" then a vpn is a good investment) and using openssl over apache.

simple automated ssh scripts w/ scp (secure copy) would also be an easy
method.  put the clients pub keys up on the box for quicker access.

- jon

----- Original Message -----
From: "Michael Southwell" <southwell at dneba.com>
To: <talk at lists.nyphp.org>
Sent: Wednesday, August 13, 2003 11:08 PM
Subject: [nycphp-talk] keeping a file secure


> A client has asked to use his website as a convenient access point for him
> and a partner to use for transferring very large (presumably too large for
> email) and sensitive (financial) files.
>
> I am thinking that this can be done reasonably safely and very simply via
> ftp as follows:
> 1.  use the host's ftp password system to secure the connection, and use
> any common ftp program
> 2.  encrypt the file locally before uploading
> 3.  upload it, for convenience to a designated subdirectory but I can't
see
> that it really matters
> 4.  then the other guy gets it, decrypts it, changes it, and puts it back,
etc.
> If anybody were somehow able to deduce the existence of this file and get
> it (which I know is easy; just point a browser at it and if it's not a
> standard type it will be downloaded), it would be incomprehensible.
>
> An alternative would be to write a script using authentication which then
> uses fputs and fgets to move the file back and forth (but I may be
> *seriously* screwed up on this).  There would probably be some issue with
> write permissions on the host.
>
> The first scheme seems much simpler and, as I said, reasonably safe.
>
> Ideas, advice, warnings?
>
> Michael G. Southwell =================================
> DNEBA Enterprises
> 81 South Road
> Bloomingdale, NJ 07403-1419
> 973/492-7873 (voice and fax)
> southwell at dneba.com
> http://www.dneba.com
> ======================================================
>
>
> _______________________________________________
> talk mailing list
> talk at lists.nyphp.org
> http://lists.nyphp.org/mailman/listinfo/talk
>




More information about the talk mailing list