Encrypted file system / web server usage.

From: Dave (nospam_at_nowhere.com)
Date: 10/21/05


Date: Fri, 21 Oct 2005 13:09:50 +0100

A friend wants to store some documents so that he can retrieve them
wherever he is in the world. These are confidential. Being able to download
them via SSL would be preferred, but perhaps retrieval via an SSH client
would do.

Is there any way data can be stored on a web server such that even if
someone gained root access they cannot read the data? I know you can
use SSL to encrypt the data during transmission, but if someone manages
to get root access on the server, perhaps by a bug in Apache, Solaris,
SSL, secure shell etc., they can just read the files.

Since he wants me to set this up, I'd prefer to use Solaris, but I will
consider Linux. Windoze is out.

It needs to be compatible with Windoze computers.

Just to add a complication to the problem, he would like others to be
able to access the data too. But he wants multiple levels of privileges,
such that someone with level 1 privileges can get at all documents,
someone with level 2 less, someone with level 3 even less and someone at
level 5 only a few documents that are not really confidential (probably
his MP3 collection!!)

As if that is not enough, he wants people to be able to upload documents
too.

I know UNIX supports the concept of owner and a group, but can a user be
a member of multiple groups, such that a single user can access files
in groups 4 and 5, but not 1, 2 or 3, whereas someone else can read
documents in groups 3, 4 and 5, but not group 1 and 2, and so on?

I think a weak link is always going to be the fact that if he lets
people download Word documents to their PC, there is a good chance
others will get access to them - not deleted properly, left on a
printer, or their computer hacked. It is known that in the environment he
works in, others attempt to hack your computer for commercial gain.

He is quite happy to dedicate the task to multiple computers. I suspect
the way to do this might be to have one server as a web server, and
another to store the documents on. I'm not sure how best to do that, but I
can find out if that is a practical method.

Any suggestions - other than the obvious one that he hires someone with
more knowledge on these issues than me?


