4

Situation: For each customer, I have a script that generates some customized configuration files for their installation (host addresses, options, organization names, etc.) I need to get these to the customers, but I can't just e-mail them, since I want to keep them secure.

Idea: I'm envisioning a web drop-box type site: my script can automatically transfer the files to a given location, then this app will generate a "download key" which I can communicate to the customer. They can pull up a web link, enter the download key, and access the files. The catch is that each download key will only be valid once: if the download key is intercepted and a third party gets the files, the legitimate user will be alerted since they will be locked out when they try to access them. (This is not a disaster, since I can generate them a new configuration and invalidate the old one, as long as I know.)

Question: Does a web app to do this exist? Anything similar to this would be OK as well, as long as I can modify it to suit my needs. Doesn't have to be anything fancy -- PHP or Perl would be great.

I searched here and found a link to PHCDownload; it seems to be a bit overkill and I'm not sure how easily customizable it is. Having a hard time finding something since I'm not really sure what search query to use.

Any help or suggestions would be greatly appreciated.

andersop
  • 181
  • 3
  • We have a custom PHP app that does this for us. At the time there were a few commercial services that did what we needed we didn't want our clients files on a 3rd party computer system that we didn't have control over and didn't want any monthly bill. I would love to find an opensource alternative to maintaining the internal app though. – 3dinfluence Nov 03 '09 at 22:11

3 Answers3

1

1) create a small script to first rename your file to some random unguessable string (ie 32 alphanumerics) and then copy it to your HTTP server

2) set up a simple download script (see http://articles.sitepoint.com/article/file-download-script-perl), add a line to unlink the file after download

3) send the link to your customer

I think it could work - although I am not sure if it would stop concurrent two concurrent downloads if someone got hold of the link at the same time as your customer. You might need to add a lock on the file while sending it.

grojo
  • 429
  • 1
  • 7
  • 18
1

Why not encrypt the files? Trusting a client to have a PGP key is usually out of the question, but if they're on a mac a passworded encrypted DMG file works great, on windows the best you'll likely get built in is a zip file with a password, but thats relatively crackable. Using something like 7zip you could produce a self extracting passworded archive with strong cryptography, which is how I'd go.

It would take some handrolled scripts to automate this, but you could even go back to email delivery once you trust that the files are safe.

semi
  • 736
  • 3
  • 8
  • 15
0

Have you checked out accellion? They are a ftp/webmail hybred. We use it for our graphics designers to securely and easily send large files to the printers.

They offer a free virtual appliance. It also has encryption, delivery notification and forwarding prevent, all built-in for free.

If you pay you can setup automation.

JamesBarnett
  • 1,129
  • 8
  • 12