Secure portal, extranet

solarflow99 solarflow99-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
Wed Mar 16 05:29:42 UTC 2011


On Tue, Mar 15, 2011 at 1:11 PM, Fernando Duran <liberosec-FFYn/CNdgSA at public.gmane.org> wrote:

>
>
> ----- Original Message ----
> > From: William O'Higgins Witteman <william.ohiggins-H217xnMUJC0sA/PxXw9srA at public.gmane.org>
> > To: tlug-lxSQFCZeNF4 at public.gmane.org
> > Sent: Mon, March 14, 2011 10:01:48 PM
> > Subject: Re: [TLUG]: Secure portal, extranet
> >
> > On Mon, Mar 14, 2011 at 04:54:00PM -0400, David van Geest wrote:
> > >>  Does anyone have any thoughts about what software to choose to set up
>  an
> > >> extranet or secure portal for off-site people to exchange files  and
> > >> information securely?  I am not finding anything obvious, and
>  guidance
> > >> would be most appreciated.  Thanks!
> > >
> > >Are you  developing an application to do this, or do you just  want
> > >off-the-shelf?  For OTS, we've been using Basecamp at work, it  works
> > >relatively well.  The only thing I know about security in this  case is
> > >that basecamphq.com provides an SSL site.
> >
> > It needs to be  off-the-shelf, but I need to host it - I can't expose
> > patient data on an  off-site service, no matter how secure it might be.
> > Good thought though,  thanks.
> > --
>
>
> The solutions depend on a couple of requirements; mostly how complicated
> the
> permissions scheme and how flexible or open to new tools the users are.
>
> I see three levels of solutions that people tend to use in these cases:
>
> - For a simple permission scheme (everything shared in one user group),
> going
> with Linux users and ssh (sftp/scp) or ftp over ssl. A new software client
> for
> the user like winscp or cyberduck is not hard to grasp since they look like
> Windows explorer, still some end users don't like to use anything new and
> prefer
> to use just the browser.
>
> - A intermediate case of using something a little more "friendly" for
> non-technical people like WebDAV, or with other features like versioning or
> dealing with locking by using SVC software like svn.
>
> - A "web portal" solution. A lot of people choose http://www.alfresco.com/(I
> haven't used or looked deep into it). For critical data I wouldn't trust
> popular
> PHP-based web apps, they tend to have security issues
> frequently http://wordpress.org/news/category/security/ ,
> http://drupal.org/security .
>  Plus PHP is often a pain to upgrade when a vulnerability in it is
> discovered,
> breaking older code.
>
> I suggest looking at encryption too (you can store encrypted data off-site
> and
> use a cloud service). A Waterloo-based start-up has a solution for easy
> sharing
> encrypted files: http://ithinksecurity.com/ (web site still in progress
> but they
> demo'ed their working product to me and I was very impressed).
>

This looks like a good one if you want to get serious:
http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Portal_Platform/5.0/html-single/User_Guide/index.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/legacy/attachments/20110316/a58ee5ac/attachment.html>


More information about the Legacy mailing list