[nycphp-talk] keeping a file secure
Michael Southwell
southwell at dneba.com
Wed Aug 13 23:08:46 EDT 2003
A client has asked to use his website as a convenient access point for him
and a partner to use for transferring very large (presumably too large for
email) and sensitive (financial) files.
I am thinking that this can be done reasonably safely and very simply via
ftp as follows:
1. use the host's ftp password system to secure the connection, and use
any common ftp program
2. encrypt the file locally before uploading
3. upload it, for convenience to a designated subdirectory but I can't see
that it really matters
4. then the other guy gets it, decrypts it, changes it, and puts it back, etc.
If anybody were somehow able to deduce the existence of this file and get
it (which I know is easy; just point a browser at it and if it's not a
standard type it will be downloaded), it would be incomprehensible.
An alternative would be to write a script using authentication which then
uses fputs and fgets to move the file back and forth (but I may be
*seriously* screwed up on this). There would probably be some issue with
write permissions on the host.
The first scheme seems much simpler and, as I said, reasonably safe.
Ideas, advice, warnings?
Michael G. Southwell =================================
DNEBA Enterprises
81 South Road
Bloomingdale, NJ 07403-1419
973/492-7873 (voice and fax)
southwell at dneba.com
http://www.dneba.com
======================================================
More information about the talk
mailing list