"more secure" 3rd-party file sharing?
Paul Lussier
p.lussier at comcast.net
Fri Aug 25 21:46:00 EDT 2006
"Ben Scott" <dragonhawk at gmail.com> writes:
> On 8/25/06, Paul Lussier <p.lussier at comcast.net> wrote:
>> And along these lines, you could easily set up an Apache/WebDAV server ...
>
> I see a future LUG presentation here!
Why do need a presentation when you can just apt-get everything you need ;)
> I'm serious. All of that actually does sound pretty cool. But it
> does have a few drawbacks for Bill's situation (the OP):
>
> Bill might not want to have to maintain accounts for all the
> potential people who might be getting files sent to them. It would
> work okay (and probably be a good idea, even) if you're trading files
> with a small set of people, but I got the impression that Bill's user
> community for this would be "the Internet".
I got the (mis-)impression that he was concerned about people within a
company transferring sensitive documents to each other and accidently
e-mailing them to unauthorized people whose e-mail address happened to
also be in their address book.
> Encrypting the transfer (a la SSL), while not completely useless,
> does little to actually solve the real threats facing most of us.
> ISP's sniffing traffic is usually not the issue; compromised machines
> (spyware, rooot kits, etc.) and untrustworthy people are the big
> problems. An SSL tunnel doesn't help if the end point is under the
> enemy's control.
No, but if transferring sensitive material between remote offices of
the same company over the internet, it's a "reassuring, warm, fuzzy
feeling" provided to the users, the IT group, the security weenies,
etc. to say "it's secured over SSL" :)
--
Seeya,
Paul
More information about the gnhlug-discuss
mailing list