secure file transfer

Discussion in 'HTML' started by jack.smith.sam@gmail.com, Sep 30, 2006.

  1. Guest

    Hi All

    I want to put some files on a server and do not want unauthorized
    people to access it (when someone wants the file it prompts for
    password and if it was correct allow file download). What is the
    easiest way to do this?

    Thanks a lot.
    , Sep 30, 2006
    #1
    1. Advertising

  2. wrote:

    > I want to put some files on a server and do not want unauthorized
    > people to access it (when someone wants the file it prompts for
    > password and if it was correct allow file download). What is the
    > easiest way to do this?


    HTTP Basic Authentication is usual easier to set up. The specifics depend on
    the server software you use, so check the manual.

    --
    David Dorward <http://blog.dorward.me.uk/> <http://dorward.me.uk/>
    Home is where the ~/.bashrc is
    David Dorward, Sep 30, 2006
    #2
    1. Advertising

  3. richard Guest

    <> wrote in message
    news:...
    > Hi All
    >
    > I want to put some files on a server and do not want unauthorized
    > people to access it (when someone wants the file it prompts for
    > password and if it was correct allow file download). What is the
    > easiest way to do this?
    >
    > Thanks a lot.
    >


    Best approach would be to ask the host.
    That way you know how they want it done properly.
    richard, Sep 30, 2006
    #3
  4. cwdjrxyz Guest

    wrote:
    > Hi All
    >
    > I want to put some files on a server and do not want unauthorized
    > people to access it (when someone wants the file it prompts for
    > password and if it was correct allow file download). What is the
    > easiest way to do this?


    If you can set up ftp download with password on your server, that is a
    good way to go and one often used by many commercial sites. If you are
    using the server of some host that does not allow you to do this, there
    is another way that does not require you to do anything at the server.
    That is to use an encrypted self extracting file or an encrypted zip
    file. Both are .exe files that might scare some people away. My CuteZip
    program from GlobalScape allows this, and most likely there are other
    programs that do so. You just use the program to encrypt the directory
    or file and you must also enter a password. You then upload the
    generated encrypted file to the server. After someone downloads the
    encrypted file, they are asked to enter a password when they double
    click it. In the case of the self extracting encrypted file, it then
    decrypts and generates the file or files that it contains.
    cwdjrxyz, Sep 30, 2006
    #4
  5. richard Guest

    "cwdjrxyz" <> wrote in message
    news:...
    >
    > wrote:
    >> Hi All
    >>
    >> I want to put some files on a server and do not want unauthorized
    >> people to access it (when someone wants the file it prompts for
    >> password and if it was correct allow file download). What is the
    >> easiest way to do this?

    >
    > If you can set up ftp download with password on your server, that is a
    > good way to go and one often used by many commercial sites. If you are
    > using the server of some host that does not allow you to do this, there
    > is another way that does not require you to do anything at the server.
    > That is to use an encrypted self extracting file or an encrypted zip
    > file. Both are .exe files that might scare some people away. My CuteZip
    > program from GlobalScape allows this, and most likely there are other
    > programs that do so. You just use the program to encrypt the directory
    > or file and you must also enter a password. You then upload the
    > generated encrypted file to the server. After someone downloads the
    > encrypted file, they are asked to enter a password when they double
    > click it. In the case of the self extracting encrypted file, it then
    > decrypts and generates the file or files that it contains.
    >


    Nice idea but encrypting a file one wants to download is useless. As
    somewhere on the site the password would have to be posted for that file.
    I've downloaded some zip files that popped up with the password dialog.
    Pressed esc or hit the x and I opened the file.
    richard, Sep 30, 2006
    #5
  6. cwdjrxyz Guest

    richard wrote:
    > "cwdjrxyz" <> wrote in message
    > news:...
    > >
    > > wrote:
    > >> Hi All
    > >>
    > >> I want to put some files on a server and do not want unauthorized
    > >> people to access it (when someone wants the file it prompts for
    > >> password and if it was correct allow file download). What is the
    > >> easiest way to do this?

    > >
    > > If you can set up ftp download with password on your server, that is a
    > > good way to go and one often used by many commercial sites. If you are
    > > using the server of some host that does not allow you to do this, there
    > > is another way that does not require you to do anything at the server.
    > > That is to use an encrypted self extracting file or an encrypted zip
    > > file. Both are .exe files that might scare some people away. My CuteZip
    > > program from GlobalScape allows this, and most likely there are other
    > > programs that do so. You just use the program to encrypt the directory
    > > or file and you must also enter a password. You then upload the
    > > generated encrypted file to the server. After someone downloads the
    > > encrypted file, they are asked to enter a password when they double
    > > click it. In the case of the self extracting encrypted file, it then
    > > decrypts and generates the file or files that it contains.
    > >

    >
    > Nice idea but encrypting a file one wants to download is useless. As
    > somewhere on the site the password would have to be posted for that file.
    > I've downloaded some zip files that popped up with the password dialog.
    > Pressed esc or hit the x and I opened the file.


    The password is not on the site. The password is entered only after the
    encrypted file is downloaded. The persons that need such files are
    given the password by email, phone, or whatever. See if you can open
    http://www.cwdjr.net/test/twoImages.exe and tell me the names of the
    images you see. You likely can download as normal. However when you
    doubleclick to cause the self extracting file to open, you should get a
    screen that asks you to enter a password. If you have the correct
    password, the encrypted file opens and gives you a directory that
    contains images. Of course, being an exe file, I would understand why
    you might not want to try it, coming from someone you may not know.
    cwdjrxyz, Sep 30, 2006
    #6
  7. Guest

    Thanks all for your help,

    I used .htaccess and it worked for me.
    cwdjrxyz wrote:
    > richard wrote:
    > > "cwdjrxyz" <> wrote in message
    > > news:...
    > > >
    > > > wrote:
    > > >> Hi All
    > > >>
    > > >> I want to put some files on a server and do not want unauthorized
    > > >> people to access it (when someone wants the file it prompts for
    > > >> password and if it was correct allow file download). What is the
    > > >> easiest way to do this?
    > > >
    > > > If you can set up ftp download with password on your server, that is a
    > > > good way to go and one often used by many commercial sites. If you are
    > > > using the server of some host that does not allow you to do this, there
    > > > is another way that does not require you to do anything at the server.
    > > > That is to use an encrypted self extracting file or an encrypted zip
    > > > file. Both are .exe files that might scare some people away. My CuteZip
    > > > program from GlobalScape allows this, and most likely there are other
    > > > programs that do so. You just use the program to encrypt the directory
    > > > or file and you must also enter a password. You then upload the
    > > > generated encrypted file to the server. After someone downloads the
    > > > encrypted file, they are asked to enter a password when they double
    > > > click it. In the case of the self extracting encrypted file, it then
    > > > decrypts and generates the file or files that it contains.
    > > >

    > >
    > > Nice idea but encrypting a file one wants to download is useless. As
    > > somewhere on the site the password would have to be posted for that file.
    > > I've downloaded some zip files that popped up with the password dialog.
    > > Pressed esc or hit the x and I opened the file.

    >
    > The password is not on the site. The password is entered only after the
    > encrypted file is downloaded. The persons that need such files are
    > given the password by email, phone, or whatever. See if you can open
    > http://www.cwdjr.net/test/twoImages.exe and tell me the names of the
    > images you see. You likely can download as normal. However when you
    > doubleclick to cause the self extracting file to open, you should get a
    > screen that asks you to enter a password. If you have the correct
    > password, the encrypted file opens and gives you a directory that
    > contains images. Of course, being an exe file, I would understand why
    > you might not want to try it, coming from someone you may not know.
    , Sep 30, 2006
    #7
  8. cwdjrxyz Guest

    cwdjrxyz wrote:

    > The password is not on the site. The password is entered only after the
    > encrypted file is downloaded. The persons that need such files are
    > given the password by email, phone, or whatever. See if you can open
    > http://www.cwdjr.net/test/twoImages.exe and tell me the names of the
    > images you see. You likely can download as normal. However when you
    > doubleclick to cause the self extracting file to open, you should get a
    > screen that asks you to enter a password. If you have the correct
    > password, the encrypted file opens and gives you a directory that
    > contains images. Of course, being an exe file, I would understand why
    > you might not want to try it, coming from someone you may not know.


    If anyone tried to open the encrypted file and failed, use the
    password: auslese . It should then open, provided this type of file
    works on you OS. It works for me on Windows XP and several recent
    browsers that I have tried.
    cwdjrxyz, Oct 2, 2006
    #8
  9. "cwdjrxyz" <> skrev i meddelandet
    news:...
    >
    > cwdjrxyz wrote:
    >
    > > The password is not on the site. The password is entered only after the
    > > encrypted file is downloaded. The persons that need such files are
    > > given the password by email, phone, or whatever. See if you can open
    > > http://www.cwdjr.net/test/twoImages.exe and tell me the names of the
    > > images you see. You likely can download as normal. However when you
    > > doubleclick to cause the self extracting file to open, you should get a
    > > screen that asks you to enter a password. If you have the correct
    > > password, the encrypted file opens and gives you a directory that
    > > contains images. Of course, being an exe file, I would understand why
    > > you might not want to try it, coming from someone you may not know.

    >
    > If anyone tried to open the encrypted file and failed, use the
    > password: auslese . It should then open, provided this type of file
    > works on you OS. It works for me on Windows XP and several recent
    > browsers that I have tried.


    Why do you not want to use https?


    --
    Luigi Donatello Asero
    https://www.scaiecat-spa-gigi.com/
    谢谢你 ÑпаÑибо
    Luigi Donatello Asero, Oct 2, 2006
    #9
  10. cwdjrxyz Guest

    Luigi Donatello Asero wrote:
    > "cwdjrxyz" <> skrev i meddelandet
    > news:...
    > >
    > > cwdjrxyz wrote:
    > >
    > > > The password is not on the site. The password is entered only after the
    > > > encrypted file is downloaded. The persons that need such files are
    > > > given the password by email, phone, or whatever. See if you can open
    > > > http://www.cwdjr.net/test/twoImages.exe and tell me the names of the
    > > > images you see. You likely can download as normal. However when you
    > > > doubleclick to cause the self extracting file to open, you should get a
    > > > screen that asks you to enter a password. If you have the correct
    > > > password, the encrypted file opens and gives you a directory that
    > > > contains images. Of course, being an exe file, I would understand why
    > > > you might not want to try it, coming from someone you may not know.

    > >
    > > If anyone tried to open the encrypted file and failed, use the
    > > password: auslese . It should then open, provided this type of file
    > > works on you OS. It works for me on Windows XP and several recent
    > > browsers that I have tried.

    >
    > Why do you not want to use https?


    I actually usually use ftp with password protection on my site for the
    very few things I need to download securely. I also have high security
    sockets encrypted pages should I need them, but I do not need them now.
    I was just showing how you can securely download even if you can not do
    anything on the server, such as is the case for some of the few
    remaining free hosts. Of course a file with an extension of .exe will
    discourage many from downloading in the first place unless they know
    who you are and have arranged with you to get passwords for files they
    need to download. What I illustrated is not much different from what
    some people do who sell programs. Anyone can download the protected
    program file. However you can not open it until you pay the seller and
    they send you a password by eMail.
    cwdjrxyz, Oct 2, 2006
    #10
  11. "cwdjrxyz" <> skrev i meddelandet
    news:...
    >
    > Luigi Donatello Asero wrote:
    > > "cwdjrxyz" <> skrev i meddelandet
    > > news:...
    > > >
    > > > cwdjrxyz wrote:
    > > >
    > > > > The password is not on the site. The password is entered only after

    the
    > > > > encrypted file is downloaded. The persons that need such files are
    > > > > given the password by email, phone, or whatever. See if you can open
    > > > > http://www.cwdjr.net/test/twoImages.exe and tell me the names of the
    > > > > images you see. You likely can download as normal. However when you
    > > > > doubleclick to cause the self extracting file to open, you should

    get a
    > > > > screen that asks you to enter a password. If you have the correct
    > > > > password, the encrypted file opens and gives you a directory that
    > > > > contains images. Of course, being an exe file, I would understand

    why
    > > > > you might not want to try it, coming from someone you may not know.
    > > >
    > > > If anyone tried to open the encrypted file and failed, use the
    > > > password: auslese . It should then open, provided this type of file
    > > > works on you OS. It works for me on Windows XP and several recent
    > > > browsers that I have tried.

    > >
    > > Why do you not want to use https?

    >
    > I actually usually use ftp with password protection on my site for the
    > very few things I need to download securely. I also have high security
    > sockets encrypted pages should I need them, but I do not need them now.
    > I was just showing how you can securely download even if you can not do
    > anything on the server, such as is the case for some of the few
    > remaining free hosts. Of course a file with an extension of .exe will
    > discourage many from downloading in the first place unless they know
    > who you are and have arranged with you to get passwords for files they
    > need to download. What I illustrated is not much different from what
    > some people do who sell programs. Anyone can download the protected
    > program file. However you can not open it until you pay the seller and
    > they send you a password by eMail.


    But if the e-mail is not encrypted how safe is that?

    --
    Luigi Donatello Asero
    https://www.scaiecat-spa-gigi.com/
    谢谢你 ÑпаÑибо
    Luigi Donatello Asero, Oct 2, 2006
    #11
  12. cwdjrxyz Guest

    Luigi Donatello Asero wrote:
    > "cwdjrxyz" <> skrev i meddelandet
    > news:...
    > >
    > > Luigi Donatello Asero wrote:
    > > > "cwdjrxyz" <> skrev i meddelandet
    > > > news:...
    > > > >
    > > > > cwdjrxyz wrote:
    > > > >
    > > > > > The password is not on the site. The password is entered only after

    > the
    > > > > > encrypted file is downloaded. The persons that need such files are
    > > > > > given the password by email, phone, or whatever. See if you can open
    > > > > > http://www.cwdjr.net/test/twoImages.exe and tell me the names of the
    > > > > > images you see. You likely can download as normal. However when you
    > > > > > doubleclick to cause the self extracting file to open, you should

    > get a
    > > > > > screen that asks you to enter a password. If you have the correct
    > > > > > password, the encrypted file opens and gives you a directory that
    > > > > > contains images. Of course, being an exe file, I would understand

    > why
    > > > > > you might not want to try it, coming from someone you may not know.
    > > > >
    > > > > If anyone tried to open the encrypted file and failed, use the
    > > > > password: auslese . It should then open, provided this type of file
    > > > > works on you OS. It works for me on Windows XP and several recent
    > > > > browsers that I have tried.
    > > >
    > > > Why do you not want to use https?

    > >
    > > I actually usually use ftp with password protection on my site for the
    > > very few things I need to download securely. I also have high security
    > > sockets encrypted pages should I need them, but I do not need them now.
    > > I was just showing how you can securely download even if you can not do
    > > anything on the server, such as is the case for some of the few
    > > remaining free hosts. Of course a file with an extension of .exe will
    > > discourage many from downloading in the first place unless they know
    > > who you are and have arranged with you to get passwords for files they
    > > need to download. What I illustrated is not much different from what
    > > some people do who sell programs. Anyone can download the protected
    > > program file. However you can not open it until you pay the seller and
    > > they send you a password by eMail.

    >
    > But if the e-mail is not encrypted how safe is that?


    Probably safe enough for most applications if you change the password
    every now and then, unless you have very secret material on the site
    that should not be there anyway. Or you can send the password by
    certified snail mail, encrypted telephone messages with decrypters on
    the phone at each end, etc. For anything that critical, you should of
    course move to a server that allows secure sockets pages that allow
    verification of the security of the page. But none of this is likely to
    stop federal agents, with a court order, from finding out what is on
    your pages.
    cwdjrxyz, Oct 2, 2006
    #12
  13. "cwdjrxyz" <> skrev i meddelandet
    news:...

    > > But if the e-mail is not encrypted how safe is that?

    >
    > Probably safe enough for most applications if you change the password
    > every now and then, unless you have very secret material on the site
    > that should not be there anyway.


    Why should you want to use a password for the file which you want to send
    over ftp if you want to send the password by a normal e-mail? Would it not
    be easier to send the file without password then?

    Or you can send the password by
    > certified snail mail, encrypted telephone messages with decrypters on
    > the phone at each end, etc. For anything that critical, you should of
    > course move to a server that allows secure sockets pages that allow
    > verification of the security of the page.


    There are methods which are easier.

    But none of this is likely to
    > stop federal agents, with a court order, from finding out what is on
    > your pages.


    There have not been any federal agents coming with a court order and it is
    not them whom I wanted to stop.
    I am not located in the USA either...
    What about your pages?

    --
    Luigi Donatello Asero
    https://www.scaiecat-spa-gigi.com/
    谢谢你 ÑпаÑибо
    Luigi Donatello Asero, Oct 2, 2006
    #13
  14. dorayme Guest

    In article <tLZTg.18411$>,
    "Luigi Donatello Asero" <> wrote:

    >
    > "cwdjrxyz" <> skrev i meddelandet
    > news:...
    >
    > >
    > > However you can not open it until you pay the seller and
    > > they send you a password by eMail.

    >
    > But if the e-mail is not encrypted how safe is that?


    It is the difference between these two things:

    (1). I hang my front door key up on my door with a notice that
    says: "Key to this door"

    (2). I hide the key in the boot of my car. I tell the person who
    I am happy to enter my house that the key is on the top shelf of
    the tool box in there. The person knows which is my car and also
    has the key to the boot.

    It does not matter that someone could steal this friend's bag
    somewhere and find the key to the boot. Anyway, it is this sort
    of thing. If you admit to understanding this, I will publicly eat
    a website, I will finance a round the world trip for you and talk
    to my minders about a paid holiday on Mars for you and your
    family. (Conditions attached: I have to feel your admission is
    genuine)

    --
    dorayme
    dorayme, Oct 2, 2006
    #14
  15. "dorayme" <> skrev i meddelandet
    news:...
    > In article <tLZTg.18411$>,
    > "Luigi Donatello Asero" <> wrote:
    >
    > >
    > > "cwdjrxyz" <> skrev i meddelandet
    > > news:...
    > >
    > > >
    > > > However you can not open it until you pay the seller and
    > > > they send you a password by eMail.

    > >
    > > But if the e-mail is not encrypted how safe is that?

    >
    > It is the difference between these two things:
    >
    > (1). I hang my front door key up on my door with a notice that
    > says: "Key to this door"
    >
    > (2). I hide the key in the boot of my car. I tell the person who
    > I am happy to enter my house that the key is on the top shelf of
    > the tool box in there. The person knows which is my car and also
    > has the key to the boot.
    >
    > It does not matter that someone could steal this friend's bag
    > somewhere and find the key to the boot. Anyway, it is this sort
    > of thing. If you admit to understanding this, I will publicly eat
    > a website, I will finance a round the world trip for you and talk
    > to my minders about a paid holiday on Mars for you and your
    > family. (Conditions attached: I have to feel your admission is
    > genuine)
    >
    > --
    > dorayme


    You must be very rich


    --
    Luigi Donatello Asero
    https://www.scaiecat-spa-gigi.com/
    谢谢你 ÑпаÑибо
    Luigi Donatello Asero, Oct 2, 2006
    #15
  16. dorayme Guest

    In article <Qb_Tg.18417$>,
    "Luigi Donatello Asero" <> wrote:

    > You must be very rich


    You forgot the other possibility: confidence in a bet.

    --
    dorayme
    dorayme, Oct 2, 2006
    #16
  17. "dorayme" <> skrev i meddelandet
    news:...
    > In article <Qb_Tg.18417$>,
    > "Luigi Donatello Asero" <> wrote:
    >
    > > You must be very rich

    >
    > You forgot the other possibility: confidence in a bet.


    But I am under the impression that you are very rich. That could be a reason
    why you do not want to say your name

    --
    Luigi Donatello Asero
    https://www.scaiecat-spa-gigi.com/
    谢谢你 ÑпаÑибо
    Luigi Donatello Asero, Oct 2, 2006
    #17
  18. On Mon, 2 Oct 2006 02:58:32 +0100, Luigi Donatello Asero wrote
    (in article <cn_Tg.18419$>):

    >
    > "dorayme" <> skrev i meddelandet
    > news:...
    >> In article <Qb_Tg.18417$>,
    >> "Luigi Donatello Asero" <> wrote:
    >>
    >>> You must be very rich

    >>
    >> You forgot the other possibility: confidence in a bet.

    >
    > But I am under the impression that you are very rich. That could be a reason
    > why you do not want to say your name



    So which one are you dorayme?

    <http://www.rich-bastards.com/d-RichLists.htm>

    (Some nice jokes to add to your collection.)

    --
    Sally in Shropshire, UK
    bed and breakfast near Ludlow: http://www.stonybrook-ludlow.co.uk
    Burne-Jones/William Morris window in Shropshire church:
    http://www.whitton-stmarys.org.uk
    Sally Thompson, Oct 2, 2006
    #18
  19. dorayme Guest

    In article
    <>,
    Sally Thompson <> wrote:

    > So which one are you dorayme?
    >
    > <http://www.rich-bastards.com/d-RichLists.htm>
    >
    > (Some nice jokes to add to your collection.)


    I am not Oprah Winfrey, I can categorically assure you of this.

    --
    dorayme
    dorayme, Oct 2, 2006
    #19
  20. On Mon, 2 Oct 2006 22:22:28 +0100, dorayme wrote
    (in article <>):

    > In article
    > <>,
    > Sally Thompson <> wrote:
    >
    >> So which one are you dorayme?
    >>
    >> <http://www.rich-bastards.com/d-RichLists.htm>
    >>
    >> (Some nice jokes to add to your collection.)

    >
    > I am not Oprah Winfrey, I can categorically assure you of this.
    >
    >


    Well that narrows it down. If you have 7 children you must be Steven
    Spielberg, and ICMFP.




    --
    Sally in Shropshire, UK
    bed and breakfast near Ludlow: http://www.stonybrook-ludlow.co.uk
    Burne-Jones/William Morris window in Shropshire church:
    http://www.whitton-stmarys.org.uk
    Sally Thompson, Oct 2, 2006
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. A.M
    Replies:
    5
    Views:
    5,425
    Teemu Keiski
    Jun 8, 2004
  2. Daniel Malcolm
    Replies:
    0
    Views:
    548
    Daniel Malcolm
    Jan 24, 2005
  3. zdrakec
    Replies:
    1
    Views:
    431
    zdrakec
    Jul 25, 2005
  4. Joe
    Replies:
    5
    Views:
    950
    Steven Cheng[MSFT]
    Dec 13, 2005
  5. Glauco

    Secure File Transfer

    Glauco, Jun 16, 2004, in forum: Python
    Replies:
    5
    Views:
    411
    Matteo Dell'Amico
    Jun 17, 2004
Loading...

Share This Page