"more secure" 3rd-party file sharing?

Paul Lussier p.lussier at comcast.net
Fri Aug 25 21:46:00 EDT 2006


"Ben Scott" <dragonhawk at gmail.com> writes:

> On 8/25/06, Paul Lussier <p.lussier at comcast.net> wrote:
>> And along these lines, you could easily set up an Apache/WebDAV server ...
>
>   I see a future LUG presentation here!

Why do need a presentation when you can just apt-get everything you need ;)

>   I'm serious.  All of that actually does sound  pretty cool.  But it
> does have a few drawbacks for Bill's situation (the OP):
>
>   Bill might not want to have to maintain accounts for all the
> potential people who might be getting files sent to them.  It would
> work okay (and probably be a good idea, even) if you're trading files
> with a small set of people, but I got the impression that Bill's user
> community for this would be "the Internet".

I got the (mis-)impression that he was concerned about people within a
company transferring sensitive documents to each other and accidently
e-mailing them to unauthorized people whose e-mail address happened to
also be in their address book.

>   Encrypting the transfer (a la SSL), while not completely useless,
> does little to actually solve the real threats facing most of us.
> ISP's sniffing traffic is usually not the issue; compromised machines
> (spyware, rooot kits, etc.) and untrustworthy people are the big
> problems.  An SSL tunnel doesn't help if the end point is under the
> enemy's control.

No, but if transferring sensitive material between remote offices of
the same company over the internet, it's a "reassuring, warm, fuzzy
feeling" provided to the users, the IT group, the security weenies,
etc. to say "it's secured over SSL" :)

-- 
Seeya,
Paul



More information about the gnhlug-discuss mailing list