Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search
 

Secure file upload tool design?

 [1/8] from: jasonic:cunliffe:verizon at: 18-Dec-2001 11:38


I need to build a secure client-side tool in REBOLfor people to upload files to a remote server. I would like to use REBOL/View so I can offer an easy GUI for fiel browsing, selection and transfer. An option I see using REBOL are: - insist they buy REBOL/ViewPro and use encryption for login+password handling and then FTP on a special port for data transfer. On the server I should at least run /ViewPro or /Command. Does anyone have improvements to this approach, perhaps one which can be built using the free REBOL/View or even REBOL/Core? Examples/caveats? thanks ./Jason

 [2/8] from: rpgwriter:ya:hoo at: 18-Dec-2001 14:08


--- Jason Cunliffe <[jasonic--cunliffe--verizon--net]> wrote:
> I need to build a secure client-side tool in > REBOLfor people to upload files
<<quoted lines omitted: 12>>
> built using the free REBOL/View or even REBOL/Core? > Examples/caveats?
You could always implement encryption yourself and send the files between REBOL client program to REBOL server using a custom protocol. There are any number of free sources describing cryptographic algorithms on the web; the main problem with implementing them in REBOL may be performance, since REBOL isn't entirely a speed demon for math, as I understand it. Chris Dicely

 [3/8] from: jasonic:cunliffe:verizon at: 18-Dec-2001 19:01


> You could always implement encryption yourself and > send the files between REBOL client program to
<<quoted lines omitted: 4>>
> since REBOL isn't entirely a speed demon for > math, as I understand it.
Thanks. Yes I tend to believe the easiest adn often most effective security is simply small customized tools designed to play together on both client and server. For that one can use almost anything, images, flash, rebol .. 6 different sister emails designed to be re-assembled etc. Am I right in understanding that the cryptographic needs are only for generating codes? They do not need to run all the time? If so, REBOL's math crunching speed is not really an obstacle. Today I upgraded my version of F-Secures SSH-Telnet Client. They ahave a really cool installation tool. It opens a window and then tells you to move the mouse around. As you do so, a fuel guauge graphic fills pregresses. The softwar uses the manually genrated, random, hard-to-reproduce mouse xy coordinates as seed data for the SSH code. This takes only about 7 seconds to complete. Seems like a very neat way to create secure pascodes on the fly. I hope to try a native REBOL version. Other approaches I have been wondering about: using small photos with embedded data in them. The advantage there is an ancient humanly readable verification combined with encrypted invisble data. A hybrid woudl be to generate small artworks using the mouse tracking.. in effect genreate art to craeet imagery which also embdeds encrypted data within. These could then be used as iconographic security tokens. ./Jason

 [4/8] from: tomc:darkwing:uoregon at: 18-Dec-2001 17:06


Hi Jason, encryption can be achive with just core but it is better not discuss it on the list (per RT request) [tomc--darkwing--uoregon--edu] On Tue, 18 Dec 2001, Jason Cunliffe wrote:

 [5/8] from: jasonic:cunliffe:verizon at: 18-Dec-2001 20:47


> Hi Jason, > > encryption can be achive with just core > but it is better not discuss it on the list > (per RT request) > > [tomc--darkwing--uoregon--edu]
Hi Tom Thanks for your reply. I am listening ... ./Jason

 [6/8] from: ammonjohnson::yahoo::com at: 18-Dec-2001 21:14


Jason, another idea is to send the 'sister emails' (broken up data) over different transportation protocols. Enjoy!! Ammon

 [7/8] from: brett:codeconscious at: 19-Dec-2001 14:31


Well if it is a process that you repeat time and time again, View/IOS may be appropriate. As I understand it you would install it and your problem is solved. Alas alack, when / if we are to see it and for what cost of the various installations I know not. Brett.

 [8/8] from: slok00::yahoo at: 19-Dec-2001 11:46


At 11:38 AM 12/18/2001 -0500, you wrote:
>I need to build a secure client-side tool in REBOLfor people to upload files >to a remote server. I would like to use REBOL/View so I can offer an easy >GUI for fiel browsing, selection and transfer. An option I see using REBOL >are:
I once posted a question which requires synchronisation. To a certain extent, it is similar to the file upload stuff you are talking about. The feedback from the list is to investigate REBOL EXPRESS. However, I am not up-todate on the various products that RT has in the pipeline. Personally, I am still interested in the synching capabilities of Express. YekSoon

Notes
  • Quoted lines have been omitted from some messages.
    View the message alone to see the lines that have been omitted