Subject: (reasonably) secure shared upload area on server
To: None <firstname.lastname@example.org>
From: David Brownlee <email@example.com>
Date: 10/18/2006 16:13:45
We have a requirement for several remote collaborators to
be able to upload and download data on a given server.
Ideally we want something where they can access an effectively
chroot()ed area, so if something does go wrong their access cannot
open up more of the server. Obviously it would be nice if their
connections where encrypted as well.
Is there any consensus as to good approaches to this?
Some obvious options:
- chroot()ed ftp. Nice on the chroot, simple to setup,
but no encryption on the data transfer or login details.
- sftp to account with no login shell, and with port forwarding
disabled. Again, relatively easy to setup, but no chroot
(though encryption should be more than fine)
- https:// to directory for download, and some cgi for upload
This I find the most tempting - does anyone know of any good
examples for the cgi?
- subversion over https://. I find this strangely compelling,
but the whole revision control aspect would probably confuse
the hell out of the users...
David Brownlee -- firstname.lastname@example.org