The sandbox uses CGI or something equivalent.
Somehow I seem to have missed all this wonderful discussion.

Which is one of the options that I discussed.

Mike Brown wrote:

Long passwords are generally a matter of cut and paste.

> My guess is that the salesmen will give away the password to the first person to call them.

For the documents in question, such is their prerogative. But once they have access they can also email, fax, mail, or pass the documents in any of a number of ways. There is always the risk that someone will gain unauthorized access by corrupting someone that does have access.

The difference with posting files in a public place is that people can infer things just by knowing of their existence and there is a small additional risk of someone gaining access by cracking the encryption of the file itself. Thus the rest of my suggestion is to protect knowledge of the existence of these files by hiding them. We can do this without a secure Web server by putting the files in unlinked, unobvious directories (i.e. http://www.gesn.com/poaiwuec/) and/or by obfuscating the names. Obviously the Web server should not give a listing of hidden directories or any confirmation that they exist.

This means that in order to get access to a document you need its URL and password, which essentially form a key. The rest of the system is then the policy and procedures on how to generate and distribute the keys. My suggestion is to simply distribute an index to those allowed access. It would of course be good to define a policy defining when different documents can be released to whom, as Ian suggested. And perhaps we would feel better if we marked these indexes as "Top Secret". ;-)

In short, encrypt the files and hide them and we've got as much security as:
Guy
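
An added sketch of the key-generation and index step described in the message above; it is not part of the original message or thread. The host `www.example.com`, the sample titles, the `.enc` suffix and all function names are assumptions, and encrypting the files themselves is assumed to happen separately with each generated password.

```python
import math
import secrets
import string

# Assumption: lowercase directory names, in the style of "poaiwuec" in the message.
DIR_ALPHABET = string.ascii_lowercase
PASS_ALPHABET = string.ascii_letters + string.digits


def random_name(length, alphabet=DIR_ALPHABET):
    """Return an unguessable name drawn from the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def guess_bits(length, alphabet=DIR_ALPHABET):
    """Bits of brute-force work needed to guess a name of this length."""
    return length * math.log2(len(alphabet))


def build_index(titles, base_url, dir_len=16, pass_len=24):
    """Give each document its own hidden directory, obfuscated file name
    and file password; the (URL, password) pair is the key."""
    index, seen = [], set()
    for title in titles:
        directory = random_name(dir_len)
        while directory in seen:  # regenerate on the (unlikely) collision
            directory = random_name(dir_len)
        seen.add(directory)
        filename = random_name(12) + ".enc"
        index.append({
            "title": title,
            "url": f"{base_url.rstrip('/')}/{directory}/{filename}",
            "password": random_name(pass_len, PASS_ALPHABET),
        })
    return index


def render_index(index):
    """Plain-text index to hand only to the people allowed access."""
    return "\n\n".join(
        f"{e['title']}\n  URL:      {e['url']}\n  Password: {e['password']}"
        for e in index
    )


if __name__ == "__main__":
    # Constructed sample titles and a placeholder host.
    idx = build_index(["Price list", "Service manual"], "http://www.example.com")
    print(render_index(idx))
    print(f"8 letters: {guess_bits(8):.1f} bits, 16 letters: {guess_bits(16):.1f} bits")
```

An 8-letter lowercase directory name gives under 38 bits of guessing work, so the hidden path only adds to the file encryption and cannot stand in for it.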