Re: Acceptance Test Plan

Already done;  doesn't need CGI.  It is the sandbox directory.  This has nothing to do with anyone being overloaded.
  The sandbox uses CGI or something equivalent.
The problem, as Mike stated, is that the password is almost immediately given out.  No one has been willing to take responsibility for putting a document in the sandbox, for fear that they will be the person on the receiving end of:  "How did RealyBig County get access to the Foobar document?  Do you realize this has cost us a $20 million dollar sale?  I can't believe how incompetent our network administrators are."
  Somehow I seem to have missed all this wonderful discussion.
If you are going to rely on a password protected sandbox, why not just zip up the files with a password and put them in a public directory?
  Which is one of the options that I discussed.

Mike Brown wrote:

Do you like your long passwords?
  Long passwords are generally a matter of cut and paste.

> My guess is that the salesmen will give away the password to the first person to call them.

  For the documents in question, such is their prerogative.  But once they have access they can also email, fax, mail, or pass the documents in any of a number of ways.  There is always the risk that someone will gain unauthorized access by corrupting someone that does have access.  The difference with posting files in a public place is that people can infer things just by knowing of their existence and there is a small additional risk of someone gaining access by cracking the encryption of the file itself.

  Thus the rest of my suggestion is to protect knowledge of the existence of these files by hiding them.  We can do this without a secure Web server by putting the files in unlinked unobvious directories (i.e. http://www.gesn.com/poaiwuec/) and/or by obfuscating the names.  Obviously the Web server should not give a listing of hidden directories or any confirmation that they exist.  This means that in order to get access to a document you need its URL and password which essentially forms a key.  The rest of the system is then the policy and procedures on how to generate and distribute the keys.  My suggestion is to simply distribute an index to those allowed access.  It would of course be good to define a policy defining when different documents can be released to whom as Ian suggested.  And perhaps we would feel better if we marked these indexes as "Top Secret".  ;-)

  In short, encrypt the files and hide them and we've got as much security as:

Given that it is (almost) the new millennium, I think we should do better than that.  I propose we set up a system where everyone is notified whenever a change in the documentation is made.  Instead of having to download the documents, we could send the documents directly to everyone who should have access to them.  The software should have settings that allow users to either keep these documents on their personal systems organized by folder, or to remain on the central server for when they are on the road.

and almost as much convenience.

Maybe it IS summer, the sun's breaking through again!
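
The message above treats a hidden URL plus a file password as a key and proposes distributing an index of those keys. The following is an added example, not part of the original message or any code from the list: a sketch that generates such an index with random, per-document directory names and passwords and reports how many bits of guessing entropy each part carries. The host name, string lengths, alphabets and document titles are assumptions chosen for illustration.

```python
import math
import secrets
import string

BASE_URL = "http://www.example.com"   # placeholder host (assumption)
DIR_ALPHABET = string.ascii_lowercase + string.digits
PW_ALPHABET = string.ascii_letters + string.digits


def entropy_bits(alphabet_size, length):
    """Bits of guessing entropy for a uniformly random string."""
    return length * math.log2(alphabet_size)


def random_string(alphabet, length):
    # secrets draws from the OS CSPRNG; the random module is predictable.
    return "".join(secrets.choice(alphabet) for _ in range(length))


def make_entry(title, dir_len=16, name_len=12, pw_len=20):
    """Create the URL + password pair (the "key") for one document."""
    directory = random_string(DIR_ALPHABET, dir_len)
    filename = random_string(DIR_ALPHABET, name_len) + ".zip"
    return {
        "title": title,
        "url": f"{BASE_URL}/{directory}/{filename}",
        "password": random_string(PW_ALPHABET, pw_len),
        "url_bits": entropy_bits(len(DIR_ALPHABET), dir_len + name_len),
        "password_bits": entropy_bits(len(PW_ALPHABET), pw_len),
    }


def build_index(titles):
    """Independent key per document, so a leaked entry exposes one file only."""
    return [make_entry(t) for t in titles]


def render_index(entries):
    """Plain-text index to hand to the people allowed access."""
    return "\n".join(
        f"{e['title']}\n  URL:      {e['url']}\n  Password: {e['password']}"
        for e in entries
    )


if __name__ == "__main__":
    # Constructed document titles, for illustration only.
    print(render_index(build_index(["Acceptance Test Plan", "Design Notes"])))
    # An 8-letter lowercase directory name, if chosen at random:
    print(round(entropy_bits(26, 8), 1), "bits")
```

The URL half of each key is written to web server and proxy logs on every request, so the password is the only half that stays out of those records.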