Charlie, > Well, this is a Federal Agency. So the issue of hosting elsewhere probably is > a non-starter.
I understand your comment from a PHB/IT politics perspective. But most 3rd party file hosting/transfer services provide password access and https transfer. IMO, a password protected https download is SIGNIFICANTLY more secure than regular FTP. > We do send files in both directions, so figuring out the right use of HTTP > "post?" to send a file is still in the works. Yes, to send a file via HTTP you need to do a multi-part form POST and have a script on the server side do something with the file. HTTP POSTS are slower than FTP PUTS, but again, significantly more secure. > For most of the issues, we just documented the details and 99% of the users > don't have problems. 1% of 10,000 is still 100 users. :) > FTP insecure because it was so old FTP *IS* insecure - both passwords and data are transfered unencrypted. > There are SSL FTP options available Yes, there are FTP/S and S/FTP but both of these protocols require special ports that may be blocked by firewalls and 3rd party components that support these protocols are, in my experience, expensive and VERY finicky. IMO 'secure ftp' is not ready for production applications. > In our OCX component, we just specify the site, 'FTP directory', filename, > and tell it to download the file. You can't get simpler than that. Take a look at the alternatives I just sent under my "No stinkin' ActiveX" post. I think you will be surprised how easy HTTP access has become. For example, Rick Strahl's wwipstuff supports the EXACT same simple interface you quoted for downloading files via HTTP. He also provides a more sophisticated interface if you have to deal with passwords and proxies. > Also, in our testing, it was found HTTP took much longer to transfer files > than FTP. For small files under 32K, the speed difference should not be noticable. In fact, most of the 'download' time with small files will be the time spent establishing an HTTP or FTP session between the server and client - the actual transfer of data will be pretty quick. Also, if you're using a 3rd party service, you wouldn't need to worry about the bandwidth issues. > I'm curious, what HTTP 'components' do you use? Look for my "No stinkin' ActiveX" post. Malcolm _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://leafe.com/mailman/listinfo/profox OT-free version of this list: http://leafe.com/mailman/listinfo/profoxtech ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
