Secure portal, extranet
E K
ekg_ab-FFYn/CNdgSA at public.gmane.org
Wed Mar 16 13:12:35 UTC 2011
I would recommend Alfresco.
EK
--- On Wed, 3/16/11, solarflow99 <solarflow99-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org> wrote:
From: solarflow99 <solarflow99-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org>
Subject: Re: [TLUG]: Secure portal, extranet
To: tlug-lxSQFCZeNF4 at public.gmane.org
Received: Wednesday, March 16, 2011, 1:29 AM
On Tue, Mar 15, 2011 at 1:11 PM, Fernando Duran <liberosec-FFYn/CNdgSA at public.gmane.org> wrote:
----- Original Message ----
> From: William O'Higgins Witteman <william.ohiggins-H217xnMUJC0sA/PxXw9srA at public.gmane.org>
> To: tlug-lxSQFCZeNF4 at public.gmane.org
> Sent: Mon, March 14, 2011 10:01:48 PM
> Subject: Re: [TLUG]: Secure portal, extranet
>
> On Mon, Mar 14, 2011 at 04:54:00PM -0400, David van Geest wrote:
> >> Does anyone have any thoughts about what software to choose to set up an
> >> extranet or secure portal for off-site people to exchange files and
> >> information securely? I am not finding anything obvious, and guidance
> >> would be most appreciated. Thanks!
> >
> >Are you developing an application to do this, or do you just want
> >off-the-shelf? For OTS, we've been using Basecamp at work, it works
> >relatively well. The only thing I know about security in this case is
> >that basecamphq.com provides an SSL site.
>
> It needs to be off-the-shelf, but I need to host it - I can't expose
> patient data on an off-site service, no matter how secure it might be.
> Good thought though, thanks.
> --
The solutions depend on a couple of requirements; mostly how complicated the
permissions scheme and how flexible or open to new tools the users are.
I see three levels of solutions that people tend to use in these cases:
- For a simple permission scheme (everything shared in one user group), going
with Linux users and ssh (sftp/scp) or ftp over ssl. A new software client for
the user like winscp or cyberduck is not hard to grasp since they look like
Windows explorer, still some end users don't like to use anything new and prefer
to use just the browser.
- A intermediate case of using something a little more "friendly" for
non-technical people like WebDAV, or with other features like versioning or
dealing with locking by using SVC software like svn.
- A "web portal" solution. A lot of people choose http://www.alfresco.com/ (I
haven't used or looked deep into it). For critical data I wouldn't trust popular
PHP-based web apps, they tend to have security issues
frequently http://wordpress.org/news/category/security/ , http://drupal.org/security .
Plus PHP is often a pain to upgrade when a vulnerability in it is discovered,
breaking older code.
I suggest looking at encryption too (you can store encrypted data off-site and
use a cloud service). A Waterloo-based start-up has a solution for easy sharing
encrypted files: http://ithinksecurity.com/ (web site still in progress but they
demo'ed their working product to me and I was very impressed).
This looks like a good one if you want to get serious: http://docs.redhat.com/docs/en-US/JBoss_Enterprise_Portal_Platform/5.0/html-single/User_Guide/index.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/legacy/attachments/20110316/1b08306f/attachment.html>
More information about the Legacy
mailing list