Subject: (reasonably) secure shared upload area on server
To: None <>
From: David Brownlee <>
List: current-users
Date: 10/18/2006 16:13:45
 	We have a requirement for several remote collaborators to
 	be able to upload and download data on a given server.

 	Ideally we want something where they can access an effectively
 	chroot()ed area, so if something does go wrong their access cannot
 	open up more of the server. Obviously it would be nice if their
 	connections where encrypted as well.

 	Is there any consensus as to good approaches to this?

 	Some obvious options:

 	    - chroot()ed ftp. Nice on the chroot, simple to setup,
 	      but no encryption on the data transfer or login details.

 	    - sftp to account with no login shell, and with port forwarding
 	      disabled. Again, relatively easy to setup, but no chroot
 	      (though encryption should be more than fine)

 	    - https:// to directory for download, and some cgi for upload
 	      This I find the most tempting - does anyone know of any good
 	      examples for the cgi?

 	    - subversion over https://. I find this strangely compelling,
 	      but the whole revision control aspect would probably confuse
 	      the hell out of the users...

 			   David Brownlee --