[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-users] RaQ3 and secure data storage
- Subject: Re: [cobalt-users] RaQ3 and secure data storage
- From: "Larry E. Smith" <lesmith@xxxxxxxxxxxxxx>
- Date: Sun Nov 25 10:32:47 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
On Sun, Nov 25, 2001 at 11:43:04AM -0800, Wayne McBryde wrote:
> I have a customer who needs "Off Site" backups and wants to do secure
> backups to my server.
> Is there a way to secure a part of a web site that a customer can FTP their
> backups to?
> This data would be financial data for their customers, so security is a BIG
> thing.
> I think I can set up SSL and use htaccess, but how secure would it be and is
> there a better way, OR should I tell the customer to find another way.
>
Wayne,
As Roy mentioned, you can use just about any FTP package and
"tunnel" it through SSH, but that does not "secure" the data
itself once it is on the server. Would "highly" recommend that
it (the data) - NOT - be kept under the web tree (web area)
with or without htaccess - AND - that they consider something
like PGP encryption of the data before uploading it. If these
are simply "off-site" backups, then they should not need web
access to them, only FTP access through SSH or some such. If
you use a directory UNDER their account directory
(/home/sites/users/<username>/off-site-data) or some such, then
chmod 700 this directory (so no one else can browse it) they
can then FTP to this directory and put their data their.
With PGP encryption and a good server install it might be
"relatively" secure (relative being a "relative" term...)...
Larry Smith
SysAd ECSIS.NET
sysad@xxxxxxxxx