[ale] Web based file storage

Alex Carver agcarver+ale at acarver.net
Fri Jul 19 15:17:33 EDT 2013


On 7/19/2013 11:12, Mike Harrison wrote:
>> On 7/19/2013 10:27, Mike Harrison wrote:
>>> I'd be interested in knowing what their rationale is, if it's internal
>>> via a VPN already?
>
> On Fri, 19 Jul 2013, Alex Carver intelligently and helpfully replied:
>
>> The server would not be accessible from the outside by VPN but from
>> inside the network there are many thousands of machines that can access
>> it including some that belong to foreign nationals.  SAMBA is strongly
>> discouraged (a case can be made on a limited basis but its use is
>> highly restricted and monitored), WebDAV is out because of security
>> circumvention, and the published suggestion is sftp/scp using keys.
>> In the end that may be the way I have to go and just set everyone up
>> with Filezilla and a set of keys and then train them on its use.
>
> Alex,
>
> Great answer, I wasn't seeing the bigger picture that it's not valid for
> inside of the network usage as well.

Yep, such are the dealings of government networks, at least here anyway.
There are a lot of restrictions in place and I have to navigate the
narrow corridor between them.

>
> If I were being creative and wanted the headache of managing the certs,
> you could limit this by issuing client certs to the people that should
> be able to access it. The other systems (within normal high levels of
> security) would not even connect to the server. It'd be effectively the
> same as the sftp/scp using keys.

Yeah, I'm not going to take that one on.  My job isn't the admin work,
this is side work to try and make other work easier.

