Re: Securing Data Transfer

From: Hector Diaz (thehec35@netscape.net)
Date: 02/14/03 

From: Hector Diaz <thehec35@netscape.net>
Date: Fri, 14 Feb 2003 20:48:09 GMT

This is great but the issue is that I need to be able to authenticate
the user before I allow them to put anything on our server. Any
thoughts? Our authentication is Form based Authentication through
Weblogic to LDAP.

John Tkaczewski wrote:
> Hello,
>
> You may want to take a look at a file upload apple that will send the
> files over https to your FTP server.
>
> Take a look at UUpload Pro -
> http://www.unlimitedftp.ca/uupload/index.jsp
> And the https tunneling servlet UnlimitedFTP.Secure -
> http://www.unlimitedftp.ca/uftps/index.jsp
>
> You should be able to add the applet to the JSP page. The applet would
> then take care of the secure file transfer.
>
> Regards,
> John
>
> Hector Diaz <thehec35@netscape.net> wrote in message news:<3E4CE743.8010504@netscape.net>...
>
>>Ali-Reza Anghaie wrote:
>>
>>>Hector Diaz wrote:
>>>
>>>
>>>>I need to be able to upload information to a server but before I post
>>>>any information I need to redirect them to a login page we have for our
>>>>web site. After authentication is complete then post the information
>>>>and redirect the information to another application sitting on the
>>>>server. Now All of the sites are HTTPS so the data itself is secure but
>>>>what I need to ensure is that data will not be posted until they have
>>>>been authenticated. The data is being uploaded from a PC based
>>>>application which we are enhancing to have an upload button.
>>>>
>>>>Anyone have any ideas how to do this? I have other ideas but our Info
>>>>Sec team shot some of them down. Need other ideas. Thanks.
>>>
>>>
>>>To give a better answer we'd want a bit of background on your
>>>infrastructure. Like the authentication schemes available to you, the HTTP
>>>server you're using, etc.
>>>
>>>I'd think something like Apache + WebDAV + LDAP auth... They have to login
>>>w/ LDAP w/ big banners click 'yes'.. yada yada.
>>>
>>>Apache for the webserver w/ its various modules for authentication. WebDAV
>>>for a transparent HTTP/HTTPS file interface (drag-&-drop)...
>>>
>>>Cheers, -Ali
>>>
>>
>>Here is what we have.
>>
>>Our applications run within our Apache servers and utilize LDAP for
>>authentication. We are doing Form authentication through a JSP written
>>by one of our application teams. Behind the firewall we have a
>>combination of applications written with either Vignette, Servlets
>>and/or JSP (yup we don't like to leave anything out).
>>
>>For securing the data all of our applications are protected with SSL.
>>
>>Anyone attempting to go to a bookmarked page gets redirected to the
>>login page if they are not already authenticated.
>>
>>If you need more info please feel free to contact me.
>>
>>Some other info. The XML we are looking to upload is somewhere from 10K
>>- 15K in size.
>>
>>
>>Thanks for the help!!!!
>>
>>Later, Hector
>