N
Nick Gilbert
Hi,
As part of a website (ASP.NET) we're creating, we need the ability to
store documents with pretty much 'mission critical' security. ie, if the
server is completely compromised (eg a trojan/virus is installed or
someone physically steals the server) they will still not be able to
gain access to the content of the files. I can securely transfer the
files to and from the server, but I am unsure of how best to store them
securely.
What options do I have? I have thought of using public key encryption
like PGP, but the users would then have to be trusted with a private key
which they could leak or lose, and all users would have to have the same
private key so that they could see each others files. So I'm not sure
that idea could be made to work.
I'm wondering if there are any methods that would fit my needs (even if
it involves buying 3rd party hardware or software to achieve it).
If it matters, it will probably be a Win 2003 web server with a separate
box running SQL Server 2000 which could also be used for file storage.
Any advice would be appreciated!
Thanks,
Nick Gilbert
As part of a website (ASP.NET) we're creating, we need the ability to
store documents with pretty much 'mission critical' security. ie, if the
server is completely compromised (eg a trojan/virus is installed or
someone physically steals the server) they will still not be able to
gain access to the content of the files. I can securely transfer the
files to and from the server, but I am unsure of how best to store them
securely.
What options do I have? I have thought of using public key encryption
like PGP, but the users would then have to be trusted with a private key
which they could leak or lose, and all users would have to have the same
private key so that they could see each others files. So I'm not sure
that idea could be made to work.
I'm wondering if there are any methods that would fit my needs (even if
it involves buying 3rd party hardware or software to achieve it).
If it matters, it will probably be a Win 2003 web server with a separate
box running SQL Server 2000 which could also be used for file storage.
Any advice would be appreciated!
Thanks,
Nick Gilbert