> The only web-based file sharing implementation that is secure in any way is > one that stores the files in the mySQL database. Unfortunately there are
I respectfully disagree here Darrell. I've seen an implementation that used SMTP to upload the file to the server: You'd upload the file by sending as an email attachment. A simple perl script would strip the attachment and place it in the repository. Download was accomplished via FTP. I'm not a security expert, but this appeared to be a fairly secure setup. Another solution that I've seen uses a kind of file cache for uploading files to the server. You'd upload via the browser to a temporary location. A server side app would then move the file for the cache to the repository, setting any appropriate file permissions. > With my KISS solution you at least limit exposure by implementing apache > security. Each share is unique. Each share has a defined access list. Yes I don't follow 100% of what you did here, but looked like a really good implementation. -- Greg J. Zartman, P.E. Vice-President Logging Engineering International, Inc. 1243 West 7th Avenue Eugene, Oregon 97402 541-683-8383 541-683-8144 www.leiinc.com -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
