"more secure" 3rd-party file sharing?

Paul Lussier p.lussier at comcast.net
Fri Aug 25 09:31:01 EDT 2006


"Ben Scott" <dragonhawk at gmail.com> writes:

>   One benefit to using a web UI for file transfer that you didn't
> mention is that it's generally a great deal more efficient (from a
> computer perspective) than email.  I've used similar solutions for
> *that* reason in the past (when I didn't want 50 MB attachments
> clogging up a busy mail server).

And along these lines, you could easily set up an Apache/WebDAV server
where only authorized users could have read-write access.  You could
then further authenticate these people with any scheme you like; LDAP,
Kerberos, bio-metrics, etc.

Create a compay-wide policy that no e-mail attachments are allowed
(possibly specifying a some kind of clearance level as the maximum
allowed; nothing higher than "CLASSIFIED" can be e-mailed, or
whatever).  Then force people to exchange documents using WebDAV.

This has the advantage that:

 a) Folder level ACLs can be applied such that someone can deposit a
    file, but not see what's in there, others can retrieve docs, but
    not deposit, etc.

 b) SSL is simple to enforce for transport security

 c) File system level encryption can be used transparently for long
    term storage (openAFS, for instance, which ties in nicely with
    Kerberos, as does Apache :)

 d) Document transfer becomes as simple as drag-and-drop, something
    Windows users still find easier than e-mailing the wrong people :)

 e) Apache has insane levels of logging control

 f) This is fairly simple to set up and completely client-independant
    and cross-platform.

 g) It can run on a linux server

 h) It can easily be backed up by a linux server

 i) It requires very little user training. If the user can't figure
    out how to drag-and-drop, then their also probably having trouble
    getting out of bed in the morning, which means they'll completely
    stop showing up soon :)

I hope that helps.
-- 
Seeya,
Paul



More information about the gnhlug-discuss mailing list