<table cellspacing="0" cellpadding="0" border="0" ><tr><td valign="top" style="font: inherit;">I would recommend Alfresco. <br><br>EK<br><br>--- On <b>Wed, 3/16/11, solarflow99 <i><solarflow99-Re5JQEeQqe8AvxtiuMwx3w@public.gmane.org></i></b> wrote:<br><blockquote style="border-left: 2px solid rgb(16, 16, 255); margin-left: 5px; padding-left: 5px;"><br>From: solarflow99 <solarflow99@gmail.com><br>Subject: Re: [TLUG]: Secure portal, extranet<br>To: tlug@ss.org<br>Received: Wednesday, March 16, 2011, 1:29 AM<br><br><div id="yiv1358058790"><br><br><div class="yiv1358058790gmail_quote">On Tue, Mar 15, 2011 at 1:11 PM, Fernando Duran <span dir="ltr"><<a rel="nofollow" ymailto="mailto:liberosec-FFYn/CNdgSA@public.gmane.org" target="_blank" href="/mc/compose?to=liberosec-FFYn/CNdgSA@public.gmane.org">liberosec-FFYn/CNdgSA@public.gmane.org</a>></span> wrote:<br><blockquote class="yiv1358058790gmail_quote" style="border-left:1px solid rgb(204, 204, 204);margin:0pt 0pt 0pt 0.8ex;padding-left:1ex;">
<br>
<br>
----- Original Message ----<br>
> From: William O'Higgins Witteman <<a rel="nofollow" ymailto="mailto:william.ohiggins-H217xnMUJC0sA/PxXw9srA@public.gmane.org" target="_blank" href="/mc/compose?to=william.ohiggins-H217xnMUJC0sA/PxXw9srA@public.gmane.org">william.ohiggins-H217xnMUJC0sA/PxXw9srA@public.gmane.org</a>><br>
> To: <a rel="nofollow" ymailto="mailto:tlug-lxSQFCZeNF4@public.gmane.org" target="_blank" href="/mc/compose?to=tlug@ss.org">tlug-lxSQFCZeNF4@public.gmane.org</a><br>
> Sent: Mon, March 14, 2011 10:01:48 PM<br>
> Subject: Re: [TLUG]: Secure portal, extranet<br>
><br>
> On Mon, Mar 14, 2011 at 04:54:00PM -0400, David van Geest wrote:<br>
> >> Does anyone have any thoughts about what software to choose to set up an<br>
> >> extranet or secure portal for off-site people to exchange files and<br>
> >> information securely? I am not finding anything obvious, and guidance<br>
> >> would be most appreciated. Thanks!<br>
> ><br>
> >Are you developing an application to do this, or do you just want<br>
> >off-the-shelf? For OTS, we've been using Basecamp at work, it works<br>
> >relatively well. The only thing I know about security in this case is<br>
> >that <a rel="nofollow" target="_blank" href="http://basecamphq.com">basecamphq.com</a> provides an SSL site.<br>
><br>
> It needs to be off-the-shelf, but I need to host it - I can't expose<br>
> patient data on an off-site service, no matter how secure it might be.<br>
> Good thought though, thanks.<br>
> --<br>
<br>
<br>
The solutions depend on a couple of requirements; mostly how complicated the<br>
permissions scheme and how flexible or open to new tools the users are.<br>
<br>
I see three levels of solutions that people tend to use in these cases:<br>
<br>
- For a simple permission scheme (everything shared in one user group), going<br>
with Linux users and ssh (sftp/scp) or ftp over ssl. A new software client for<br>
the user like winscp or cyberduck is not hard to grasp since they look like<br>
Windows explorer, still some end users don't like to use anything new and prefer<br>
to use just the browser.<br>
<br>
- A intermediate case of using something a little more "friendly" for<br>
non-technical people like WebDAV, or with other features like versioning or<br>
dealing with locking by using SVC software like svn.<br>
<br>
- A "web portal" solution. A lot of people choose <a rel="nofollow" target="_blank" href="http://www.alfresco.com/">http://www.alfresco.com/</a> (I<br>
haven't used or looked deep into it). For critical data I wouldn't trust popular<br>
PHP-based web apps, they tend to have security issues<br>
frequently <a rel="nofollow" target="_blank" href="http://wordpress.org/news/category/security/">http://wordpress.org/news/category/security/</a> , <a rel="nofollow" target="_blank" href="http://drupal.org/security">http://drupal.org/security</a> .<br>
Plus PHP is often a pain to upgrade when a vulnerability in it is discovered,<br>
breaking older code.<br>
<br>
I suggest looking at encryption too (you can store encrypted data off-site and<br>
use a cloud service). A Waterloo-based start-up has a solution for easy sharing<br>
encrypted files: <a rel="nofollow" target="_blank" href="http://ithinksecurity.com/">http://ithinksecurity.com/</a> (web site still in progress but they<br>
demo'ed their working product to me and I was very impressed).<br></blockquote><div><br>This looks like a good one if you want to get serious: <a rel="nofollow" target="_blank" href="http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Portal_Platform/5.0/html-single/User_Guide/index.html">http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Portal_Platform/5.0/html-single/User_Guide/index.html</a><br>
<br> <br></div></div>
</div></blockquote></td></tr></table><br>