[thelist] security on the server

[Keith]

> I have a client who wishes to have documents made available to
> their  clientele for download from their server.  These are
> confidential documents  to be opened only by their respective
> owners.  

Matt's given an excellent explaination of one of the commonly used 
methods for delivering secure content to unique users. But since 
you also say that the data needs to be transmitted to the end user 
securely, you should also to be concerned with how your client will 
get the files TO the server, securely. And that's a bit stickier 
problem.

If files will be uploaded only once, or rarely, you're set. But If your 
client will need to change files frequently, or change a lot of files 
periodically, you'll probably want to use something other than the 
browser's file upload feature. That one-file-at-a-time crap gets old 
quick. The first and only time I built a secure delivery system that 
relied on file upload to refresh the server the client bought it. Two 
months later they paid twice as much to have someone rip it out 
and put in a modern upload design.

keith