[thelist] security on the server

Warden, Matt mwarden at odyssey-design.com
Thu Jul 12 14:14:16 CDT 2001


> From: "Peter Kaulback" <pkaulbak at idirect.ca>
> Subject: Re: [thelist] security on the server
>

...
> >- From your description, it was unclear to me if you are just asking
> >about encryption of the file itself or the transfer of that file over
> >http/SSL.
>
> Actually, it's both the encryption and the transfer.  The files will be
> very small, word documents converted to pdf, so their time in transit will
> be minimal.  Is the pdf security model very secure and are there other
> methods more secure?

I'm not sure what you mean by "pdf security model". If the pdf file format
has some sort of built-in security, I know nothing about it.

Personally, I would suggest PGP. Martin could give you better information on
this than I could, but essentially, each file owned by UserX would be
encrypted by UserX's key and therefore could only be decrypted by UserX's
key (or years and years and years of computer calculations -- enough that
it's quite impractical).

The transfer should be ok with high SSL encryption... but the SSL+PGP
combination is probably total overkill.

> >If you're talking about the transfer, this is what I propose:
> >
> >(a) store the PDFs below the site's root, so that it is inaccessible
> >by typing in a URL.
> >(b) write a script and store it above the site's root. The user will
> >login and visit this page. The script will look up in the database
> >all the files owned by the logged-in user and list them for the user
> >to select. The script, after the user has clicked on a filename, will
> >then grab the file from the filesystem and feed it to the browser,
> >making sure to set the correct Content-Type header for the file.
> >
> >Is this the kind of thing you're looking for? If so, feel free to
> >fire some questions my way, as I've done this sort of thing quite a
> >few times in the past.
>
> This is the kind of thing I'm looking for exactly as well. How difficult is
> such an operation from the user's standpoint and for the designer/developer?

User:
-Logs in.
-Clicks a File.
-File downloads and could automatically open in the default viewer (like
Acrobat's PDF Viewer) for that content type.
-optionally enters his/her key to decrypt the file

Developer:
Quite simple. Just write a script that queries the database for all files
located on that server owned by the logged-in user. The files will be below
the site root and stored in the database as an absolute physical path (like
D:\SecuredContent\joesfile.pdf). The script would read that pdf into a
variable, set the HTTP header Content-Type to the appropriate string for
PDFs, and send that variable's contents to the browser (optionally over an
SSL connection).

The only issue, if PGP is involved, would be initially saving and encrypting
the files on the server with each owner's key (assuming the user can't just
access the space on the server through Explorer or something). Like I said,
I don't know enough about PGP to give any good advice on this.

HTH some. If you have any further specific questions, I'll be happy to
answer them.


Thanks,


--
mattwarden
mattwarden.com
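The download script described in the message above (files kept below the site root, a database row per file with its owner and physical path, the script looking up only the logged-in user's files and streaming the chosen one with the right Content-Type) can be sketched as follows. This is an added example, not code from the thread or from mattwarden; it is in Python with an in-memory SQLite table and a temporary directory standing in for the D:\SecuredContent store, and the user names, file ids and PDF bytes are constructed sample data. The one thing it adds beyond the message is a realpath check so that even a tampered database row cannot point the script at a file outside the secured directory.

```python
import os
import sqlite3
import tempfile

# Constructed stand-in for a directory below the site root (the message
# uses D:\SecuredContent); nothing in here is reachable by URL.
STORE = tempfile.mkdtemp(prefix="secured_content_")

# Constructed stand-in for the site's database: one row per file, with
# the owner and the absolute physical path, as the message proposes.
DB = sqlite3.connect(":memory:")
DB.execute("CREATE TABLE files (id INTEGER PRIMARY KEY, owner TEXT, path TEXT, name TEXT)")


def _seed():
    """Write two sample PDFs (constructed bytes) and register their owners."""
    for fid, owner, name, data in [(1, "alice", "report.pdf", b"%PDF-1.4 alice"),
                                   (2, "bob", "invoice.pdf", b"%PDF-1.4 bob")]:
        path = os.path.join(STORE, f"{fid}.pdf")
        with open(path, "wb") as fh:
            fh.write(data)
        DB.execute("INSERT INTO files VALUES (?, ?, ?, ?)", (fid, owner, path, name))
    DB.commit()


_seed()


def list_files(user):
    """The listing page: only files owned by the logged-in user."""
    rows = DB.execute("SELECT id, name FROM files WHERE owner = ? ORDER BY id", (user,))
    return [(fid, name) for fid, name in rows]


def download(user, file_id):
    """Return (status, headers, body) for the file the user clicked on.

    The ownership check lives in the query: a file id that exists but belongs
    to someone else returns no row, so the caller gets 404 instead of another
    user's document.
    """
    try:
        file_id = int(file_id)  # the id arrives as a query-string value
    except (TypeError, ValueError):
        return 404, {}, b""
    row = DB.execute("SELECT path, name FROM files WHERE id = ? AND owner = ?",
                     (file_id, user)).fetchone()
    if row is None:
        return 404, {}, b""
    path, name = row
    # Defence in depth: refuse to serve anything outside the secured store,
    # even if the stored path has been tampered with.
    store = os.path.realpath(STORE)
    real = os.path.realpath(path)
    if os.path.commonpath([real, store]) != store:
        return 403, {}, b""
    with open(real, "rb") as fh:
        body = fh.read()  # "read that pdf into a variable"
    headers = {
        "Content-Type": "application/pdf",
        "Content-Disposition": f'attachment; filename="{name}"',
        "Content-Length": str(len(body)),
        "Cache-Control": "no-store",  # keep the document out of shared caches
    }
    return 200, headers, body


if __name__ == "__main__":
    print(list_files("alice"))
    print(download("alice", 1)[0], download("alice", 2)[0])
```

In a real CGI/ASP/PHP handler the `user` argument would come from the server-side session established at login, never from a request parameter, and the body would be written to the response after the headers; the structure of the lookup and the header set is otherwise the same.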