can i store files on my website and make them secure?
- Thread starter nomadic
- Start date
<TIN FOIL HATS ON>
a) I wouldn't even use public computers (internet cafe's etc) for internet banking. There is software that will read your key strokes while you type even over an encrypted (SSL) link. not to mention storing your informtion.
b) if you were using ftp to access your web server your passwd can be sniffed over the wire as it is not encrypted. if your providor allows it use SFTP/SSH which is encrypted end to end.
c) cpanel has been the cause for some major computer cracks at large ISP's so becarefull there
d) PGP is all well and good but if travelling and you loose your laptop you loose your private key. back to square one.
best effort use SFTP to put a zipped file with a passwd with more than 8 alpha numeric plus special chars. somewhere on your webserver not in htdocs path so it cannot be accessed by a web server. Then only access it using SSH. SSH/SFTP can be setup so you have to provide a passwd and a pass phrase. it can also be setup so that it will accept a predetermined key and request no passwd etc. not good if you loose your laptop.
The more characters in your password the longer it will take to crack but it wont make it impossible. 6 alpha numeric character passwd can be cracked inside of a week, less if rainbow tables are being used. Then it is in the order of minutes. And then all you have to worry about is your ISP handing over your file to who ever turns up with the correct paper work.
basic rule is if you dont own both ends and the wire in between someone will find a way to get into your box. You just have to make it as hard as possible.
</TIN FOIL HATS OFF>
a) I wouldn't even use public computers (internet cafe's etc) for internet banking. There is software that will read your key strokes while you type even over an encrypted (SSL) link. not to mention storing your informtion.
b) if you were using ftp to access your web server your passwd can be sniffed over the wire as it is not encrypted. if your providor allows it use SFTP/SSH which is encrypted end to end.
c) cpanel has been the cause for some major computer cracks at large ISP's so becarefull there
d) PGP is all well and good but if travelling and you loose your laptop you loose your private key. back to square one.
best effort use SFTP to put a zipped file with a passwd with more than 8 alpha numeric plus special chars. somewhere on your webserver not in htdocs path so it cannot be accessed by a web server. Then only access it using SSH. SSH/SFTP can be setup so you have to provide a passwd and a pass phrase. it can also be setup so that it will accept a predetermined key and request no passwd etc. not good if you loose your laptop.
The more characters in your password the longer it will take to crack but it wont make it impossible. 6 alpha numeric character passwd can be cracked inside of a week, less if rainbow tables are being used. Then it is in the order of minutes. And then all you have to worry about is your ISP handing over your file to who ever turns up with the correct paper work.
basic rule is if you dont own both ends and the wire in between someone will find a way to get into your box. You just have to make it as hard as possible.
</TIN FOIL HATS OFF>
