Remote file upload authentication?

Re: Remote file upload authentication?

Brian,

I would go with #2. Make sure that every machine has a digital
certificate installed, which is then sent with the request automatically to
identify themselves. Of course, I would also recommend using Secure Sockets
(SSL) in order to make sure that you don't get hit by a man-in-the-middle
attack.

Hope this helps.


--
- Nicholas Paldino [.NET/C# MVP]
- mvp@spam.guard. caspershouse.co m

"Brian Madsen" <brian.madsen@e duka.com> wrote in message
news:881acad3.0 310261832.5e6f4 50b@posting.goo gle.com...[color=blue]
> Hey guys,
>
> I am currently working on a remote file upload utility from an
> external server to a local server.
>
> Problems I face is:
> 1)the request server cannot be mapped - ie. i can't secure it by using
> the IP or somesuch.
> 2)the process is automatic, no user interaction involved.
>
> The upload process and distrubution is completed and i'm now stuck
> with finding an authentication model which ensures that multiple
> servers/locations can upload - but also limits those posting a request
> (meaning, no public access is allowed).
>
> I'm currently working on the following ideas:
> 1) XXbit security key from posting server
> 2) Digital signatures
> 3) system account for authentication (requires human interaction to
> setup each account which isn't preferable)
> 4) non-system account for authentication (username/password posted
> along the files - again, requires human maintenance and interaction).
>
> Anyways, there's pros and cons for each of the ideas i've gotten so
> far - but none distinguishes itself by standing out.
>
> So are there any ideas other than those ? or comments (pros/cons)
> anybody can think off in regards to my current limited list ?
>
> Cheers and thanks in advance[/color]

Re: Remote file upload authentication?

Thanks Nicholas,

Will research all complications that might entail and see what comes out of that.

Cheers
Brian

"Nicholas Paldino [.NET/C# MVP]" <mvp@spam.guard .caspershouse.c om> wrote in message news:<ewL8m1JnD HA.2432@TK2MSFT NGP10.phx.gbl>. ..[color=blue]
> Brian,
>
> I would go with #2. Make sure that every machine has a digital
> certificate installed, which is then sent with the request automatically to
> identify themselves. Of course, I would also recommend using Secure Sockets
> (SSL) in order to make sure that you don't get hit by a man-in-the-middle
> attack.
>
> Hope this helps.
>
>
> --
> - Nicholas Paldino [.NET/C# MVP]
> - mvp@spam.guard. caspershouse.co m
>
> "Brian Madsen" <brian.madsen@e duka.com> wrote in message
> news:881acad3.0 310261832.5e6f4 50b@posting.goo gle.com...[color=green]
> > Hey guys,
> >
> > I am currently working on a remote file upload utility from an
> > external server to a local server.
> >
> > Problems I face is:
> > 1)the request server cannot be mapped - ie. i can't secure it by using
> > the IP or somesuch.
> > 2)the process is automatic, no user interaction involved.
> >
> > The upload process and distrubution is completed and i'm now stuck
> > with finding an authentication model which ensures that multiple
> > servers/locations can upload - but also limits those posting a request
> > (meaning, no public access is allowed).
> >
> > I'm currently working on the following ideas:
> > 1) XXbit security key from posting server
> > 2) Digital signatures
> > 3) system account for authentication (requires human interaction to
> > setup each account which isn't preferable)
> > 4) non-system account for authentication (username/password posted
> > along the files - again, requires human maintenance and interaction).
> >
> > Anyways, there's pros and cons for each of the ideas i've gotten so
> > far - but none distinguishes itself by standing out.
> >
> > So are there any ideas other than those ? or comments (pros/cons)
> > anybody can think off in regards to my current limited list ?
> >
> > Cheers and thanks in advance[/color][/color]