Personal computing discussed

Moderators: renee, Dposcorp

 
Scrotos
Graphmaster Gerbil
Topic Author
Posts: 1109
Joined: Tue Oct 02, 2007 12:57 pm
Location: Denver, CO.

Web-based secure file transfer portal?

Mon Jun 11, 2012 2:33 pm

I'm unsure of how to describe this since I don't use MegaUpload or DropBox or stuff like that, but I think it's similar.

Looking for a solution that's basically a web page via SSL wherein someone can upload a file. That's it. It'd be nice if you could have a form where the person could fill in their name, who the file was intended for, and contact email then when submitted maybe a CRON job or scheduled task could see a new file's there and alert someone with the data that was entered in the form.

I'm looking for one-way communication with no needed user authentication. Just dump the file on the server, you can't see nuthin' else, call 'er done. sftp isn't really a good option since it'd be requiring people to get an sftp client and I figure a website will have at most an activex control that the end user would have to one-time install.

These are people sending customer confidential data out unencrypted via email so the solution can't be too difficult--they've already proven that their brain-meats aren't that massive to begin with.
 
nerdrage
Graphmaster Gerbil
Posts: 1314
Joined: Thu Mar 06, 2003 2:49 pm
Location: Raleigh, NC

Re: Web-based secure file transfer portal?

Mon Jun 11, 2012 3:30 pm

I did something like this at my last job using a really basic ASP.NET application. It was to allow non-sophisticated users to securely upload Word/Excel/PDF/Text files via a webpage using a standard HTTPS connection (SSL/TLS).

I created a basic non-authenticated web page with a standard upload button on it (no ActiveX necessary!) which would allow them to browse and then upload the file. I bulk emailed the users with a link that they could click on that would take them to my page. The link contained a GUID in the query parameters so I could associate the user with the uploaded file(s). I put a cap on the size of the file the user could upload to prevent them from uploading massive files and filling up the disk.

It worked great for the most part. The really dumb users tried to upload WINWORD.EXE and "Shortcut to xxxx.LNK" files, but we just had a temp call those particular users to step them through the upload process.
 
Scrotos
Graphmaster Gerbil
Topic Author
Posts: 1109
Joined: Tue Oct 02, 2007 12:57 pm
Location: Denver, CO.

Re: Web-based secure file transfer portal?

Mon Jun 11, 2012 5:15 pm

Ohhh that sounds just about right! Did you write the application yourself?
 
Scrotos
Graphmaster Gerbil
Topic Author
Posts: 1109
Joined: Tue Oct 02, 2007 12:57 pm
Location: Denver, CO.

Re: Web-based secure file transfer portal?

Tue Jun 12, 2012 9:35 am

I was kinda hoping for a premade solution, though... Maybe something I could slap on an openbsd server or a windows box or something like that. While we could develop it in-house, we're allocating resources for other stuff at the moment.
 
morphine
TR Staff
Posts: 11600
Joined: Fri Dec 27, 2002 8:51 pm
Location: Portugal (that's next to Spain)

Re: Web-based secure file transfer portal?

Tue Jun 12, 2012 9:48 am

Scrotos wrote:
Looking for a solution that's basically a web page via SSL wherein someone can upload a file. That's it. It'd be nice if you could have a form where the person could fill in their name, who the file was intended for, and contact email then when submitted maybe a CRON job or scheduled task could see a new file's there and alert someone with the data that was entered in the form.

I don't know the exact details, but it sounds like Dropbox really is the better option there. They just need to register for an account and download the Dropbox client. From there, they just copy the files onto their local Dropbox folder and it gets automagically synchronized.

As for a webpage specifically, I've tried using FileChucker successfully. It's an upload component that begets integration onto your website/CMS, but it doesn't look like it'd be too difficult to get working under HTTPS.
There is a fixed amount of intelligence on the planet, and the population keeps growing :(
 
cheesyking
Minister of Gerbil Affairs
Posts: 2756
Joined: Sun Jan 25, 2004 7:52 am
Location: That London (or so I'm told)
Contact:

Re: Web-based secure file transfer portal?

Tue Jun 12, 2012 10:59 am

Of course dropbox isn't really a solution if you're looking for something a bit more secure than email :P (I use it myself but it does have its limits)

Could you give a bit more detail on exactly what you need it to do... should anybody be allowed to send a file to anybody... are only a few users sending to lots of different people... are lots of people sending stuff to just a few users?

I doubt there's an exact pre-made solution to this as allowing anonymous file uploads is usually thought to be a bad thing but on the other hand what you're trying to do is very simple and you could probably have it written in a day or so depending on how complex you want to make it.
Fernando!
Your mother ate my dog!
 
morphine
TR Staff
Posts: 11600
Joined: Fri Dec 27, 2002 8:51 pm
Location: Portugal (that's next to Spain)

Re: Web-based secure file transfer portal?

Tue Jun 12, 2012 11:30 am

cheesyking wrote:
Of course dropbox isn't really a solution if you're looking for something a bit more secure than email :P

How so, if the transfer is encrypted?
There is a fixed amount of intelligence on the planet, and the population keeps growing :(
 
nerdrage
Graphmaster Gerbil
Posts: 1314
Joined: Thu Mar 06, 2003 2:49 pm
Location: Raleigh, NC

Re: Web-based secure file transfer portal?

Tue Jun 12, 2012 12:07 pm

Scrotos wrote:
Ohhh that sounds just about right! Did you write the application yourself?

I was kinda hoping for a premade solution, though... Maybe something I could slap on an openbsd server or a windows box or something like that. While we could develop it in-house, we're allocating resources for other stuff at the moment.

Yeah I wrote it myself. There wasn't a whole lot to the webpage itself, it's really just one page with a button on it and some text instructions. I did have to configure IIS to require an SSL connection. The real complexity was the database stuff, sending out the emails with the link back to the site, and the problem of emails going into the spam folder.

cheesyking wrote:
Could you give a bit more detail on exactly what you need it to do

I think what he wants is the web equivalent of an FTP site that allows anonymous and encrypted uploads. Something easy enough that a non-tech-savvy person could use it, and not have to create accounts or install anything.
i5-9600K · Z390 Aorus Pro · 16GB G.Skill DDR4-3200 · MSI TwinFrozr HD7850 · Intel 760p 512GB · WD 1TB · HP ZR24w · Corsair VX450 · Antec Solo · Win10/Ubuntu 18.10
 
Scrotos
Graphmaster Gerbil
Topic Author
Posts: 1109
Joined: Tue Oct 02, 2007 12:57 pm
Location: Denver, CO.

Re: Web-based secure file transfer portal?

Tue Jun 12, 2012 3:45 pm

Not a huge fan of "in the cloud". Unless I'm mistaken, dropbox is a hosted service elsewhere? I'm looking for direct-from-customer-to-me.

Ideally we'd just use TLS between every email server and not have Exchange servers set to the default of 10 MB for attachments. Then we could just send these files via email which is how our customers are doin' it now.

We have other options but they are all ones where the customer would have to log into someplace or us IT blokes would have to manage accounts, etc. These guys are too dumb and whiny to ever lower themselves to use that type of thing--these are IMPORTANT people, after all.


Think of this as sftp allowing anony login, upload only, the uploader can't see anything after they upload the file. Ok, now take away the requirement to use a special client. Instead, just use a web page via https so any idiot can figure it out. And to make it simpler, have a simple form where someone can just browse to the file they want to upload. If you use some kind of plugin, that's fine too--that's a one-time thing that we can walk someone through. For bonus points, they have some other fields like "email" or "from name" and "to name" so when they dump the file, it might go in \files\fromname-toname\file.pdf. Then to get crazy, something on the other end can monitor \files and see something new is there and send a notification that a new file is out there, go take a look.

There is no need to send files outbound. There is no need for people to review files that they uploaded. Just one direction, no real authentication needed. Can't let people browse since it's different customers dumping different confidential data. This isn't the field, but say our customers are all doctor offices and they are dumping patient files to us. Doctor A shouldn't be able to see the patient files from Doctor B's office. And we don't send confidential data back to them so no need for a bidirectional ability.
 
Scrotos
Graphmaster Gerbil
Topic Author
Posts: 1109
Joined: Tue Oct 02, 2007 12:57 pm
Location: Denver, CO.

Re: Web-based secure file transfer portal?

Tue Jun 12, 2012 3:57 pm

I'm kinda surprised there's nothing out there already for this. There's these web-based file dumping places (dropbox, megaupload, whatever else) and hosted-and-web services like Zix and Cisco Secure Envelope and McAffee-email-whatever wherein you can have this stuff hosted via email or done at your business with an appliance or VM or whatever. The problem with these for the super-paranoid are the web-based ones, well, you're putting confidential data "on the weeeeebbbb" and you need to have yet one more user/pass to remember/learn. For the email ones that's user/pass to learn, some may be on the web, and if it's hosted at your place you may have to burn up licenses or CALs or whatever.

The reason I say I'm kinda surprised is that I think many businesses would find it useful. I'm forcing TLS on domains that I can to mitigate the risks of sending crap over email but many don't support TLS so I can't force it on for everyone. Plus, the field of people sending us junk is highly variable; it's not just coming from a set of known domains so it'd be nice to have a generalized solution. Any business that has people sending confidential data would benefit from this, especially if it eschews the special client or user/pass part that most people won't want to deal with.

I guess since SSL over email isn't universal, this would be the next best thing. I don't even care what OS it runs on or if it integrates with whatever network we run internally. This is the kinda thing that, since it's exposed to the outside world, you might want to isolate a bit from the rest of the network. I'd get a machine or run a VM or somethin'.
 
Scrotos
Graphmaster Gerbil
Topic Author
Posts: 1109
Joined: Tue Oct 02, 2007 12:57 pm
Location: Denver, CO.

Re: Web-based secure file transfer portal?

Tue Jun 12, 2012 4:00 pm

morphine wrote:
As for a webpage specifically, I've tried using FileChucker successfully. It's an upload component that begets integration onto your website/CMS, but it doesn't look like it'd be too difficult to get working under HTTPS.


Hey, that looks nice! I'd get rid of the "downloads" bit, of course. Mmmm, maybe I'll dork around with this a bit. It's been like 15 years since I programmed anything, should be a piece of cake! Though I used to do HTML by hand so I'm not necessarily scared of web stuff, just... inexperienced. :oops:
 
morphine
TR Staff
Posts: 11600
Joined: Fri Dec 27, 2002 8:51 pm
Location: Portugal (that's next to Spain)

Re: Web-based secure file transfer portal?

Tue Jun 12, 2012 5:02 pm

Scrotos wrote:
Hey, that looks nice! I'd get rid of the "downloads" bit, of course. Mmmm, maybe I'll dork around with this a bit. It's been like 15 years since I programmed anything, should be a piece of cake! Though I used to do HTML by hand so I'm not necessarily scared of web stuff, just... inexperienced. :oops:

I tried it myself once and will be integrating it into a few websites as time allows. It handled multi-GB files nicely though. Haven't tried with HTTPS, but I don't foresee any issues other than the upload speed being slower.

Caveat: 32-bit browsers will go börk-börk with files over 2GB. It's not the script's fault, or your webserver's.
There is a fixed amount of intelligence on the planet, and the population keeps growing :(
 
Scrotos
Graphmaster Gerbil
Topic Author
Posts: 1109
Joined: Tue Oct 02, 2007 12:57 pm
Location: Denver, CO.

Re: Web-based secure file transfer portal?

Tue Jun 12, 2012 5:16 pm

I think we're looking in the 20 to 250 MB range so that should be good to go. Mainly scanned in documents.

Who is online

Users browsing this forum: No registered users and 1 guest
GZIP: On