[ale] Web based file storage
Mike Harrison
cluon at geeklabs.com
Fri Jul 19 14:12:29 EDT 2013
> On 7/19/2013 10:27, Mike Harrison wrote:
>> I'd be interested in knowing what their rational is, if it's internal
>> via a VPN already?
On Fri, 19 Jul 2013, Alex Carver intelligently and helpfully replied:
> The server would not be accessible from the outside by VPN but from inside
> the network there's many thousands of machines that can access it including
> some that belong to foreign nationals. SAMBA is strongly discouraged (a case
> can be made on a limited basis but its use is highly restricted and
> monitored), WebDAV is out because of security circumvention, and the
> published suggestion is sftp/scp using keys. In the end that may be the way
> I have to go and just set everyone up with Filezilla and a set of keys and
> then train them on its use.
Alex,
Great answer, I wasn't seeing the bigger picture that it's not valid for
inside of the network usage as well.
If I were being creative and wanted the headache of managing the certs,
you could limit this by issuing client certs to the people that should be
able to access it. The other systems (within normal high levels of
security) would not even connect to the server. It'd be effectively the
same as the sftp/scp using keys.
--Mike--
More information about the Ale
mailing list