I decided to post this question in the lounge instead of the security area because it's not really a hosting security question, it's an email/web authoring security question.
I have a new client that takes data from sleep centers and scores them, and sends the information back. At the moment, he has the clients FedEx the data on CD's. He found out today that FedEx doesn't always ship when and where they are supposed to. *flipping back cape and raising chin* this is where I come in. He wants a website and some information solutions.
I have several available methods of this, but would value some input before I go ahead with structuring his site.
My question is this:
What would be the most flexible, easiest solution to having these clients send information to my client and then receive it over the internet securely? Just PGP email doesn't look promising since some clients may have XP, which is not compatible yet, not to mention it is now *cough* sellout *cough* close-sourced.
Anyone have any simple, effective ideas that he could incorporate without having to explain a lot to his clients who may not be very familiar with computers?
actually, the data will be sent by clients that will be from all over, not having anything to do with my server, and only ending up on my server. Sending it back secured is simple. Just need a way to explain to his clients, or set up a method, to have them send it to my client in the first place, if they don't know computers very well.
whew- i think i confused myself.
Could you set up a SSL secured website that allows them to upload the data via a form? Then your client just has to ftp (or better yet, sftp) in to the server, retrieve the data and then process it. I would think that it would be easy enough to explain how to fill in a form. But then again, I'm a programmer, so what would I know about making things easy to use . I hope this helps.
that's actually one of the considerations i had in mind, banner, and will probably be similar to what will be the final result. Unfortunately I have to consider a few different options in case his budget is really tight and he doesn't want to go the whole SSL route. His company is a startup, and he doesn't have a large budget - yet.
Thanks for the post, tho, exactly what i am looking for, options. just want to make sure i don't miss anything. Looking for people who have had good/bad experiences with this kind of thing. might have to go to a webmaster kind of forum, but i just can't seem to break away from this one. Maybe if i opened another window....hmmm
Anyway, thank you.
Anyone else have any direct experience with something like this that might be of help?
Maybe find a host that offers shared ssl? Or you could go with a self-signed key. That would remove one obstacle to this idea (even if it's not perfectly secure).
One question I have is what is more important to your client, preventing others from reading the data or verying the sender? If it is the former, you could have just have people zip the files and set a password that is shared by both people. If it is the latter, PGP mail would be the easiest way to do that via email.
the real issue here is his clients' thoughts. the information in these studies actually has to be opened by proprietary software (sandman, etc) so there's not really a security issue at all. there just needs to be an increase in the comfort level for the clients, but it has to be really simple.
PGP won't work with XP unless you try the beta version. zip passwords are pretty easy to crack, but again there really isn't much danger anyway. maybe for now i'll just have him tell them to download a free zip program with password capabilities like Freezip (with the encryption patch) to email it. The files are about 50meg or so. i can get him into the ssl stuff later as the site progresses and he can pay for more services.