"more secure" 3rd-party file sharing?
Bruce Dawson
jbd at codemeta.com
Wed Aug 23 09:44:00 EDT 2006
...
> first thought: some sort of bot one could send a file and description
> to that would respond with a URL to the sending user to add an
> allowed-users list and then send the intended recipients a link to a
> webpage where they can download the file. This at least gets one layer
> of auditability, links can be expired, and SSL can be enforced. Also
> requires blocking outbound 25, 465, 587 at the firewall and stripping
> attachments at the MTA.
>
> Has anybody seen an implementation of such a thing? Or have better
> ideas?
Yes. It was a pain. It sent an email to all "unrecognized" senders, asking
them to register their email address with a web site, and then it would
allow future emails through (but only from that address).
Unfortunately, I believe this system can be easily defeated by spoofing
the "From" and/or "Reply-To" addresses. I don't believe the intercepting
system looked at the sending system IP because it allowed Yahoo! business
addresses through.
--Bruce
More information about the gnhlug-discuss
mailing list