Subject: Re: (reasonably) secure shared upload area on server
To: David Brownlee <>
From: Brian Buhrow <>
List: current-users
Date: 10/18/2006 08:33:22
	I'd go for the https option.  It's easy to use, reasonably secure, and
there are scripts to be found which can permit file uploads.  Also, if
you're users are using Macintosh computers, the setup is really easy,
because you can just use the ical extensions in Apache to make it all work.
We have several customers using this approach, and it works much better
than ftp all around, because of firewall restrictions, bad clients, and
user cluelessness.  

Good luck.
On Oct 18,  4:13pm, David Brownlee wrote:
} Subject: (reasonably) secure shared upload area on server
}  	We have a requirement for several remote collaborators to
}  	be able to upload and download data on a given server.
}  	Ideally we want something where they can access an effectively
}  	chroot()ed area, so if something does go wrong their access cannot
}  	open up more of the server. Obviously it would be nice if their
}  	connections where encrypted as well.
}  	Is there any consensus as to good approaches to this?
}  	Some obvious options:
}  	    - chroot()ed ftp. Nice on the chroot, simple to setup,
}  	      but no encryption on the data transfer or login details.
}  	    - sftp to account with no login shell, and with port forwarding
}  	      disabled. Again, relatively easy to setup, but no chroot
}  	      (though encryption should be more than fine)
}  	    - https:// to directory for download, and some cgi for upload
}  	      This I find the most tempting - does anyone know of any good
}  	      examples for the cgi?
}  	    - subversion over https://. I find this strangely compelling,
}  	      but the whole revision control aspect would probably confuse
}  	      the hell out of the users...
} -- 
}  			   David Brownlee --
>-- End of excerpt from David Brownlee