On Mon, May 22, 2006 at 01:20:10PM +0100, Wayne Stallwood wrote:
On Mon, 2006-05-22 at 05:37 -0500, chrisisbd@leary.csoft.net wrote:
Use server side encrypt/decrypt and an https: server. This requires more effort to set up apache to do https: but I suspect is rather easier to do the actual encrypting and decrypting.
It's not as much effort to set up as it seems, there are about a million guides on the interweb on how to do it. In fact certificate generation aside it's pretty much automatic on most modern distros. Depending on how sensitive the data is you can probably use self signed certs.
Yes, I just read one of them and it seems pretty straightforward.
This has the benefit that you can then format the data in any way that works as a web page...just bolt a bit of authentication on the front and you are done.
Only if the computer it's on is itself secure against attack as the files will be in unencrypted form. There's no way I'd do this on anything except my own machine at home and even then I'm not totally convinced it's a good idea. So the connection is secure but is the data itself secure?
In fact, given that the 'source' code lives on a fairly secure machine at home how vulnerable would the data be if it was just in a password protected Wiki? (i.e. the data itself isn't encrypted)
But the server would have to pass the data in plain text to your browser so that it can be rendered. So anyone sniffing the network would be able to see your data as you viewed the page. Unless you mean that you want to make the data available as downloadable files that are encrypted by another means themselves...but that would be very cumbersome.
I was meaning an SSL connection to a password protected Wiki page (I think!).
Going back to my original doubts the question is really whether one's data is more likely to be compromised by someone grabbing it in transit or by someone breaking into the system where it is stored.
It strikes me as unlikely that anyone will 'sniff' my communication with my home server - why would they? There's no way that they could determine that the data I'm transferring is useful. It's not at all the same as if I was using a web browser to access an internet banking site where there is a very large chance of significant data being transferred.
On the other hand how secure is my home system itself against someone hacking into it and finding some files with passwords stored in them?
It just seems odd to be paranoid about 'sniffing' but not to encrypt the data on the computer which seems to me just as (if not more) vulnerable.