Safely Sharing a File on HTTP Question

Alessandro (Member, joined Oct 22, 2003)
I have access to update a website for a company. Previously, they had a file that they did not want distributed around (not super-secret, but they didn't want it going anywhere willy-nilly) just put on their web server with no link to it, so that they could share this file around the company if anyone needed it by going directly to the file in a browser. I've been given access to update this website now.

I know I can stop search engines from spidering the file by using robots.txt, but robots.txt is publicly viewable. I don't have access to create an FTP server, and feel slightly uncomfortable leaving this file there. It has an MS Office password on it; is that secure at all? I don't have access to .htaccess to limit access that way. Is there a way of preventing others from knowing where this file is, or better yet, what would be the best way to share this file given I don't have access to an FTP or Samba server?

Oakenfold (Diamond Member, joined Feb 8, 2001)
If it's just a password protected (from the built in office feature) file, then no it is not secure. If you google "cracking lost office passwords" you will see the options available. It might be a good time to review alternative ways (secure ftp/http) for secure file sharing for the employees.

Maybe someone can share their experience of what worked for them.

revolutn (Member, joined Dec 13, 2000)
Originally posted by: Oakenfold
If it's just a password protected (from the built in office feature) file, then no it is not secure.

QFT.
I'm routinely asked to crack password-protected documents at my company for various legitimate reasons. People quit, retire, get fired, etc., or sometimes change positions, and let's face it, if you don't work with a document very frequently, you might even forget the dang password.

You haven't indicated what other services the company might have at its disposal.

Do they have File and Printer server(s)?
Are they an Active Directory Windows Domain organization?
Exchange?


Alessandro (Member, joined Oct 22, 2003)
Thanks for the replies. Unfortunately, I'm working with VERY limited resources. They do have a file server that I could use, but that would mean that for anyone who wants to use the file, I would have to contact a third party to set up an account, which is more cumbersome than they'd like (they're used to just telling anyone who needs the file to go to this address). No Exchange/Active Directory options. I think I might encrypt the file with TrueCrypt like Zugzwang152 mentioned; there's nothing secret inside, they just don't want the file all over the internet. AES or Twofish should fit the bill? Also, is there any way I can have a program encrypt the file so that only a password is needed to open it? E.g., they download the file, enter a password, the file opens, without having any new software on their system. Thanks!

Zugzwang152 (Lifer, joined Oct 30, 2001)
AES or Twofish are both good. You do need to run the TrueCrypt program to decrypt the file. Either 1) an administrator installs the program and allows non-administrator users to run it, or 2) run the traveler mode program with administrative rights.

If you don't really care about security, and merely want some low-level deterrence, you may want to consider an encrypted/password-protected zip file instead. It's weak, but does take some knowledge and/or googling.

RDMustang1 (Diamond Member, joined Feb 7, 2001)
PGP offers a self-decrypting archive that would fit your requirements.

While previous encryption algorithm implementations in WinZip were very poor, the latest versions now implement a proper AES.

WinRAR is another standard compression tool that has a strong AES implementation.

All 3 of these allow for self-extracting files that don't require the person opening the document to have anything installed (and they don't require admin rights either).

Special Note: Whatever you choose to encrypt with, the key vulnerability in breaking into the file is the length and complexity of the password you use.

8 characters = minimum
12 characters = ok
15 characters+ = recommended

4 groups of characters you can use (industry standard is to require 3 of the 4):
1. Upper case letters: ABC...
2. Lower case letters: abc...
3. Numbers: 123...
4. Special characters: !@#$%^&*()
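The length thresholds and "3 of 4 character classes" rule above, turned into a small checker with a brute-force cost estimate, as an added example that is not part of any poster's text. It uses only the Python standard library; the guess rates passed to `years_to_exhaust` are assumed round numbers for illustration, not measurements of any cracker, and the class alphabets are taken from the list in the post (so a character outside all four classes, such as a space, adds nothing to the estimate).

```python
"""Rate a password against the rule in the post: length thresholds plus
"3 of 4 character classes", and estimate how long exhaustive guessing
of the resulting keyspace would take.  Added example, not posted by
anyone in the thread; guess rates are assumed figures."""
import math
import string

# Character classes exactly as listed in the post.
CLASSES = {
    "upper": set(string.ascii_uppercase),
    "lower": set(string.ascii_lowercase),
    "digit": set(string.digits),
    "special": set("!@#$%^&*()"),
}


def classes_used(password):
    """Return the names of the classes that appear in the password."""
    return {name for name, chars in CLASSES.items()
            if any(c in chars for c in password)}


def rate_length(password):
    """Map length to the post's labels: 8 minimum, 12 ok, 15+ recommended."""
    n = len(password)
    if n < 8:
        return "too short"
    if n < 12:
        return "minimum"
    if n < 15:
        return "ok"
    return "recommended"


def meets_policy(password):
    """At least 8 characters and at least 3 of the 4 classes."""
    return len(password) >= 8 and len(classes_used(password)) >= 3


def keyspace_bits(password):
    """Upper bound on brute-force effort, in bits: log2(alphabet ** length),
    where the alphabet is the union of the classes actually present.
    An attacker who knows the password uses only lowercase searches a
    26-character alphabet, so mixing classes raises the bound."""
    alphabet = sum(len(CLASSES[c]) for c in classes_used(password))
    if alphabet == 0:
        return 0.0
    return len(password) * math.log2(alphabet)


def years_to_exhaust(bits, guesses_per_second):
    """Years to try every candidate at a fixed guess rate (assumed figure)."""
    return 2 ** bits / guesses_per_second / (365 * 24 * 3600)


def effective_guess_rate(raw_rate, kdf_iterations):
    """A password-based format that runs a KDF with N iterations per guess
    slows the attacker by N; plain Office/ZipCrypto-style checks do not."""
    return raw_rate / kdf_iterations


if __name__ == "__main__":
    # Constructed sample passwords, not anyone's real password.
    for pw in ["Passw0rd", "correcthorse", "Tr0ub4dor&3!xyz", "short1!"]:
        bits = keyspace_bits(pw)
        fast = years_to_exhaust(bits, 1e9)             # assumed 1e9 guesses/s
        slow = years_to_exhaust(bits, effective_guess_rate(1e9, 100_000))
        print(f"{pw:18} classes={len(classes_used(pw))} length={rate_length(pw):12}"
              f" policy={'pass' if meets_policy(pw) else 'fail'}"
              f" bits={bits:5.1f} years@1e9/s={fast:.2e} with KDF={slow:.2e}")
```

The two year figures side by side make the point in the post concrete: the format's cipher matters far less than the password, and a format that runs a slow key-derivation function per guess buys a constant factor, while each extra character of a mixed-class password multiplies the work by the alphabet size.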

kamper (Diamond Member, joined Mar 18, 2003)
Originally posted by: Alessandro
... on their web server with no link to it ... I know I can stop search engines from spidering the file by using robots.txt, but robots.txt is publicly viewable.
Not to disrupt all the good discussion about encryption, but search engines will never find it if you don't link to it.