secure file transfer

jack.smith.sam

Hi All

I want to put some files on a server and do not want unauthorized
people to access it (when someone wants the file it prompts for
password and if it was correct allow file download). What is the
easiest way to do this?

Thanks a lot.
 
David Dorward

I want to put some files on a server and do not want unauthorized
people to access it (when someone wants the file it prompts for
password and if it was correct allow file download). What is the
easiest way to do this?

HTTP Basic Authentication is usually easier to set up. The specifics depend on
the server software you use, so check the manual.
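
As an added illustration of the HTTP Basic Authentication suggestion above (not part of the original post and not tied to any particular server product), this Python standard-library sketch shows what the server does: answer 401 with a `WWW-Authenticate` header so the browser prompts, then verify the returned credentials. The user name, password, realm, file name and port are constructed for the example.

```python
import base64, binascii, hashlib, hmac, os
from http.server import BaseHTTPRequestHandler, HTTPServer

def hash_password(password: str, salt: bytes) -> bytes:
    # Store only salt + derived key on the server, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

# Constructed sample account (hypothetical user name and password).
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, hash_password("correct horse", _SALT))}

def basic_header(user: str, password: str) -> str:
    # What a browser sends after the prompt: base64, which is NOT encryption,
    # so Basic auth should only be served over HTTPS.
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()

def check_basic_auth(header, users=USERS) -> bool:
    """Validate an 'Authorization: Basic <base64(user:pass)>' header value."""
    if not header or not header.startswith("Basic "):
        return False
    try:
        decoded = base64.b64decode(header[6:], validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return False
    user, sep, password = decoded.partition(":")  # password may contain ':'
    if not sep:
        return False
    salt, stored = users.get(user, (b"\0" * 16, b""))
    # Hash even for unknown users, then compare in constant time.
    return hmac.compare_digest(hash_password(password, salt), stored)

class DownloadHandler(BaseHTTPRequestHandler):
    FILE = "report.pdf"  # hypothetical protected file; the URL path is ignored

    def do_GET(self):
        if not check_basic_auth(self.headers.get("Authorization")):
            self.send_response(401)
            # This header is what makes the browser show the password prompt.
            self.send_header("WWW-Authenticate", 'Basic realm="downloads"')
            self.end_headers()
            return
        with open(self.FILE, "rb") as f:
            body = f.read()
        self.send_response(200)
        self.send_header("Content-Type", "application/octet-stream")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8000), DownloadHandler).serve_forever()
```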
 
richard

Hi All

I want to put some files on a server and do not want unauthorized
people to access it (when someone wants the file it prompts for
password and if it was correct allow file download). What is the
easiest way to do this?

Thanks a lot.

Best approach would be to ask the host.
That way you know how they want it done properly.
 
cwdjrxyz

Hi All

I want to put some files on a server and do not want unauthorized
people to access it (when someone wants the file it prompts for
password and if it was correct allow file download). What is the
easiest way to do this?

If you can set up ftp download with password on your server, that is a
good way to go and one often used by many commercial sites. If you are
using the server of some host that does not allow you to do this, there
is another way that does not require you to do anything at the server.
That is to use an encrypted self extracting file or an encrypted zip
file. Both are .exe files that might scare some people away. My CuteZip
program from GlobalScape allows this, and most likely there are other
programs that do so. You just use the program to encrypt the directory
or file and you must also enter a password. You then upload the
generated encrypted file to the server. After someone downloads the
encrypted file, they are asked to enter a password when they double
click it. In the case of the self extracting encrypted file, it then
decrypts and generates the file or files that it contains.
 
richard

cwdjrxyz said:
If you can set up ftp download with password on your server, that is a
good way to go and one often used by many commercial sites. If you are
using the server of some host that does not allow you to do this, there
is another way that does not require you to do anything at the server.
That is to use an encrypted self extracting file or an encrypted zip
file. Both are .exe files that might scare some people away. My CuteZip
program from GlobalScape allows this, and most likely there are other
programs that do so. You just use the program to encrypt the directory
or file and you must also enter a password. You then upload the
generated encrypted file to the server. After someone downloads the
encrypted file, they are asked to enter a password when they double
click it. In the case of the self extracting encrypted file, it then
decrypts and generates the file or files that it contains.

Nice idea but encrypting a file one wants to download is useless. As
somewhere on the site the password would have to be posted for that file.
I've downloaded some zip files that popped up with the password dialog.
Pressed esc or hit the x and I opened the file.
 
cwdjrxyz

richard said:
Nice idea but encrypting a file one wants to download is useless. As
somewhere on the site the password would have to be posted for that file.
I've downloaded some zip files that popped up with the password dialog.
Pressed esc or hit the x and I opened the file.

The password is not on the site. The password is entered only after the
encrypted file is downloaded. The persons that need such files are
given the password by email, phone, or whatever. See if you can open
http://www.cwdjr.net/test/twoImages.exe and tell me the names of the
images you see. You likely can download as normal. However when you
doubleclick to cause the self extracting file to open, you should get a
screen that asks you to enter a password. If you have the correct
password, the encrypted file opens and gives you a directory that
contains images. Of course, being an exe file, I would understand why
you might not want to try it, coming from someone you may not know.
 
cwdjrxyz

cwdjrxyz said:
The password is not on the site. The password is entered only after the
encrypted file is downloaded. The persons that need such files are
given the password by email, phone, or whatever. See if you can open
http://www.cwdjr.net/test/twoImages.exe and tell me the names of the
images you see. You likely can download as normal. However when you
doubleclick to cause the self extracting file to open, you should get a
screen that asks you to enter a password. If you have the correct
password, the encrypted file opens and gives you a directory that
contains images. Of course, being an exe file, I would understand why
you might not want to try it, coming from someone you may not know.

If anyone tried to open the encrypted file and failed, use the
password: auslese . It should then open, provided this type of file
works on your OS. It works for me on Windows XP and several recent
browsers that I have tried.
 
Luigi Donatello Asero

cwdjrxyz said:
If anyone tried to open the encrypted file and failed, use the
password: auslese . It should then open, provided this type of file
works on your OS. It works for me on Windows XP and several recent
browsers that I have tried.

Why do you not want to use https?
 
cwdjrxyz

Luigi said:
Why do you not want to use https?

I actually usually use ftp with password protection on my site for the
very few things I need to download securely. I also have high security
sockets encrypted pages should I need them, but I do not need them now.
I was just showing how you can securely download even if you can not do
anything on the server, such as is the case for some of the few
remaining free hosts. Of course a file with an extension of .exe will
discourage many from downloading in the first place unless they know
who you are and have arranged with you to get passwords for files they
need to download. What I illustrated is not much different from what
some people do who sell programs. Anyone can download the protected
program file. However you can not open it until you pay the seller and
they send you a password by eMail.
 
Luigi Donatello Asero

cwdjrxyz said:
I actually usually use ftp with password protection on my site for the
very few things I need to download securely. I also have high security
sockets encrypted pages should I need them, but I do not need them now.
I was just showing how you can securely download even if you can not do
anything on the server, such as is the case for some of the few
remaining free hosts. Of course a file with an extension of .exe will
discourage many from downloading in the first place unless they know
who you are and have arranged with you to get passwords for files they
need to download. What I illustrated is not much different from what
some people do who sell programs. Anyone can download the protected
program file. However you can not open it until you pay the seller and
they send you a password by eMail.

But if the e-mail is not encrypted how safe is that?
 
cwdjrxyz

Luigi said:
But if the e-mail is not encrypted how safe is that?

Probably safe enough for most applications if you change the password
every now and then, unless you have very secret material on the site
that should not be there anyway. Or you can send the password by
certified snail mail, encrypted telephone messages with decrypters on
the phone at each end, etc. For anything that critical, you should of
course move to a server that allows secure sockets pages that allow
verification of the security of the page. But none of this is likely to
stop federal agents, with a court order, from finding out what is on
your pages.
 
Luigi Donatello Asero

Probably safe enough for most applications if you change the password
every now and then, unless you have very secret material on the site
that should not be there anyway.

Why should you want to use a password for the file which you want to send
over ftp if you want to send the password by a normal e-mail? Would it not
be easier to send the file without password then?

Or you can send the password by
certified snail mail, encrypted telephone messages with decrypters on
the phone at each end, etc. For anything that critical, you should of
course move to a server that allows secure sockets pages that allow
verification of the security of the page.

There are methods which are easier.

But none of this is likely to
stop federal agents, with a court order, from finding out what is on
your pages.

There have not been any federal agents coming with a court order and it is
not them whom I wanted to stop.
I am not located in the USA either...
What about your pages?
 
dorayme

Luigi Donatello Asero said:
But if the e-mail is not encrypted how safe is that?

It is the difference between these two things:

(1). I hang my front door key up on my door with a notice that
says: "Key to this door"

(2). I hide the key in the boot of my car. I tell the person who
I am happy to enter my house that the key is on the top shelf of
the tool box in there. The person knows which is my car and also
has the key to the boot.

It does not matter that someone could steal this friend's bag
somewhere and find the key to the boot. Anyway, it is this sort
of thing. If you admit to understanding this, I will publicly eat
a website, I will finance a round the world trip for you and talk
to my minders about a paid holiday on Mars for you and your
family. (Conditions attached: I have to feel your admission is
genuine)
 
Luigi Donatello Asero

dorayme said:
It is the difference between these two things:

(1). I hang my front door key up on my door with a notice that
says: "Key to this door"

(2). I hide the key in the boot of my car. I tell the person who
I am happy to enter my house that the key is on the top shelf of
the tool box in there. The person knows which is my car and also
has the key to the boot.

It does not matter that someone could steal this friend's bag
somewhere and find the key to the boot. Anyway, it is this sort
of thing. If you admit to understanding this, I will publicly eat
a website, I will finance a round the world trip for you and talk
to my minders about a paid holiday on Mars for you and your
family. (Conditions attached: I have to feel your admission is
genuine)

You must be very rich
 
Luigi Donatello Asero

dorayme said:
You forgot the other possibility: confidence in a bet.

But I am under the impression that you are very rich. That could be a reason
why you do not want to say your name
 
Sally Thompson

I am not Oprah Winfrey, I can categorically assure you of this.

Well that narrows it down. If you have 7 children you must be Steven
Spielberg, and ICMFP.
 
