Educause Security Discussion mailing list archives

Re: Secure file transfers


From: Harrold Ahole <madman () MYEASTSIDE COM>
Date: Mon, 7 May 2007 12:16:48 -0700

Buz Dale wrote:
> I would see if I could just use HTTPS and an HTTPS upload and stop
> messing around in the ftp space altogether.

You just want to be sure the data is safe when stored on disk, too.  In
your own environment, this may not be too bad assuming those with access
to the server are trusted (unfortunately, most security breaches of
private data tend to come from such "trusted" insiders).  There are
third parties who do these sorts of things, but if they don't encrypt
the data while on disk, then your data is potentially exposed on disk
and data backups.  HTTPS only secures the link between the user's
computer and the server.  But leaving FTP is the right thing to do as
it's not compliant with any privacy laws when it comes to sensitive
personally identifiable info.  I know for web-based file transfers, the
third party I use has worked well since they keep everything encrypted
(256-bit AES) on disk, too, so even a dba/sysadmin can view it easily,
and backups don't create more leak potential, and you can use them as a
web service for lower volume or can license it for your own data center
if preferred.  (I know that posting company names is often frowned upon,
so contact me directly if you want more info.)

Harrold
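
Added example, not part of the original message and not the code of any product it mentions: an upload body is sealed with AES-256 before it is written, so the file on disk and any backup copy of it are ciphertext. The function names, the GCM mode and the nonce||ciphertext||tag file layout are assumptions; the message specifies only 256-bit AES.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"os"
)

// newGCM builds an AES-256-GCM AEAD; 16- and 24-byte AES keys are refused.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(key) != 32 {
		return nil, fmt.Errorf("need a 32-byte AES-256 key, got %d bytes", len(key))
	}
	return cipher.NewGCM(block)
}

// SealUpload (assumed name) stores nonce||ciphertext||tag; no plaintext reaches disk.
func SealUpload(key, body []byte, path string) error {
	gcm, err := newGCM(key)
	if err != nil {
		return err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per file
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	return os.WriteFile(path, gcm.Seal(nonce, nonce, body, nil), 0o600)
}

// OpenUpload (assumed name) decrypts; a wrong key or modified file is an error.
func OpenUpload(key []byte, path string) ([]byte, error) {
	gcm, err := newGCM(key)
	blob, rerr := os.ReadFile(path)
	if err != nil || rerr != nil || len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("%s: bad key, unreadable or truncated (%v, %v)", path, err, rerr)
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

func main() {
	key := []byte("0123456789abcdef0123456789abcdef") // constructed demo key; real keys stay off the data disk
	path := os.TempDir() + "/upload.enc"
	fmt.Println("seal error:", SealUpload(key, []byte("constructed sample record"), path))
	got, err := OpenUpload(key, path)
	fmt.Printf("decrypted %q, error: %v\n", got, err)
}
```

The protection holds only if the key is kept somewhere other than the disk and backups that hold the sealed files.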
