Posted by cwdjrxyz on 10/02/06 01:32

Luigi Donatello Asero wrote:
> "cwdjrxyz" <spamtrap2@cwdjr.info> skrev i meddelandet
> news:1159747676.902387.80110@m73g2000cwd.googlegroups.com...
> >
> > Luigi Donatello Asero wrote:
> > > "cwdjrxyz" <spamtrap2@cwdjr.info> skrev i meddelandet
> > > news:1159744631.465243.144640@e3g2000cwe.googlegroups.com...
> > > >
> > > > cwdjrxyz wrote:
> > > >
> > > > > The password is not on the site. The password is entered only after
> the
> > > > > encrypted file is downloaded. The persons that need such files are
> > > > > given the password by email, phone, or whatever. See if you can open
> > > > > http://www.cwdjr.net/test/twoImages.exe and tell me the names of the
> > > > > images you see. You likely can download as normal. However when you
> > > > > doubleclick to cause the self extracting file to open, you should
> get a
> > > > > screen that asks you to enter a password. If you have the correct
> > > > > password, the encrypted file opens and gives you a directory that
> > > > > contains images. Of course, being an exe file, I would understand
> why
> > > > > you might not want to try it, coming from someone you may not know.
> > > >
> > > > If anyone tried to open the encrypted file and failed, use the
> > > > password: auslese . It should then open, provided this type of file
> > > > works on you OS. It works for me on Windows XP and several recent
> > > > browsers that I have tried.
> > >
> > > Why do you not want to use https?
> >
> > I actually usually use ftp with password protection on my site for the
> > very few things I need to download securely. I also have high security
> > sockets encrypted pages should I need them, but I do not need them now.
> > I was just showing how you can securely download even if you can not do
> > anything on the server, such as is the case for some of the few
> > remaining free hosts. Of course a file with an extension of .exe will
> > discourage many from downloading in the first place unless they know
> > who you are and have arranged with you to get passwords for files they
> > need to download. What I illustrated is not much different from what
> > some people do who sell programs. Anyone can download the protected
> > program file. However you can not open it until you pay the seller and
> > they send you a password by eMail.
>
> But if the e-mail is not encrypted how safe is that?

Probably safe enough for most applications if you change the password
every now and then, unless you have very secret material on the site
that should not be there anyway. Or you can send the password by
certified snail mail, encrypted telephone messages with decrypters on
the phone at each end, etc. For anything that critical, you should of
course move to a server that allows secure sockets pages that allow
verification of the security of the page. But none of this is likely to
stop federal agents, with a court order, from finding out what is on
your pages.

• Next in forum: Re: secure file transfer
• Prev in forum: Re: Playing with CSS
• Thread view: Re: secure file transfer

[Reply to this message]