[geeks] Gmail's attraction

Jonathan C. Patschke jp at celestrion.net
Sun Sep 5 15:53:39 CDT 2004


On Sun, 5 Sep 2004, Dan Duncan wrote:

> But how do you limit sharing as an FTP user?  How do I send one
> file to Bonnie and a different one to Clyde so that neither
> can see the other's file unless each user maintains their own
> ftp server?

You give them separate accounts.  Proftpd makes this -easy-.  I'd assume
there's some widget for 'doze that's equally simple.

> Do you have that ability as a mere user, or does it require admin
> privs?

If you have "Power User" access to your workstation, you can share
folders.  Most users have "Power User" access to placate them in that
they can change the date and such.

> How about letting mere users share out what may be privileged data
> in a manner with NO AUDIT TRAIL WHATSOEVER?

EMail does not solve this.  Does your company keep records of every
single attachment that flies over the wire (not just the filename, but
the contents, as filenames can easily be forged)?  And you -CAN- enforce
share-level auditing as part of the domain policy.

> Perhaps you've never had the pleasure of having security auditors
> crawling up your ass in a corporate environment,

I'll one-up you.  I've been there in a -government environment-, one
that has to goosestep by HIPAA.

>> It is Not Hard to set up a temporary user with a temporary password and
>> to send an email saying:
>
> As long as you're sending an email, why not save a step and attach
> the file?

If the file's Large, it's horribly inefficient.  That 30% bloat doesn't
help anyone, and a good number of gateways will tell you to stuff
anything over 4MB up your backside.

> You get a virus scan,

Oh, that's part of RFC 2822 now?  I must've missed that part.

> a delivery receipt, and a reasonable assurance that someone who
> shouldn't have it didn't get it from you along with an auditable
> paper trail.

All of which can be forged.  Easily.  Never mind that the file is
passing in the clear and can be picked up at -any- SMTP server along the
way.

>> And Windows is the standard OS.  That doesn't mean it's worth a crap.
>
> No, but since it IS the standard OS in a corporate environment you
> often have to work within that framework to make it as secure as
> possible.  Letting users share out directories on their own breaks
> that rule.

No, it doesn't.  Sharing a folder saying that ONLY $user can get to it,
with auditing, lets you know who got the file, from where, when.  Plus
it's more efficient, kinder to the wire, and USING THE RIGHT TOOL FOR
THE JOB.

--
Jonathan Patschke )
Elgin, TX        (  "Ma'am, I can do anything.  I own a game store."
USA               )             --Gord ( http://www.actsofgord.com )


