Re: How to encrypt/decrypt a file

Interesting ... lack of trust on the part of the "clients" with respect
to the server infrastructure ;-) "Client beware!"

I gather that the client's "data" must be somehow used by the server
(for development or authentication purposes).
As usual with REAL security development, most of the REAL security
work is in engaging the customers and understanding what they really
WANT and how much trust the are willing to tolerate in the deployment
strategy.
If the client's "data" must be updated (by the client's platform) routinely,
I can see why the client's might want a copy .. but if the client's data is NOT
changed, why shuttle it back and forth ... to the server?
Perhaps you don't wish to reveal those details .. but it could help in
discussing this.
Imagine e-banking and how much trust end users place in the banks maintaining
their private data and .... the data integrity on the wire is maintained by SSL
server infrastructure.

- Mitch Gallant

<corey.burnett@xxxxxxxxx> wrote in message
news:1140109555.910927.129050@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
That is an excellent question - and one question that I have asked the
client repeatedly. The reason for this requirement is that the
potential users of this application are very, very wary about saving
their data to the web server. They don't like the idea that their data
is on the web server. They want to have their data saved down to their
computer. I have tried all sorts of arguments and showed them how we
could build the system so that the user is completely anonymous - but
none of it is convincing to them. The bottom line is that they want a
web application (because it is easy to access and there are no
installation issues) but they want to save the data down to their
computer. So I am left with this hybrid type of solution.

Hope that explained it.

Corey



.

Relevant Pages

  • Re: IPNAT / IPF / rdr issue
    ... (such as www for th web server, ftp, as well as client hostnames). ... All clients are behind the gateway. ...
    (freebsd-questions)
  • Re: Trust between domain
    ... users from DOMAIN_A to logon to clients from DOMAIN_A and DOMAIN_B? ... and are one way trust, ... on a server or client you will be able to logon locally or to the ...
    (microsoft.public.windows.server.active_directory)
  • Re: Trust between domain
    ... users from DOMAIN_A to logon to clients from DOMAIN_A and DOMAIN_B? ... and are one way trust, ... on a server or client you will be able to logon locally or to the ...
    (microsoft.public.windows.server.active_directory)
  • Re: Trust requirements for TS License Server in a different domain
    ... Licensing Server needs to trust the domain containing the Terminal ... only thinking about the Terminal Server and the TS Licensing ... have to be in trust relationship with License Server Domain ...
    (microsoft.public.windows.terminal_services)
  • Re: Ethical And Privacy Concerns With Mail Admins
    ... I can and cannot do with regard to monitoring those who use my server. ... You have the ability as a superuser to eavesdrop on your clients. ... However you also have the ethical, moral and in many cases legal responsibility in your position as a superuser or administrator of a service to maintain the privacy and confidentiality of those communications as well, with a few exceptions, regardless of the content of those communications. ... Only a fool would continue to trust a person who breaks their word even once. ...
    (comp.mail.misc)
Loading