Andreas Kotes wrote:
Hi!
* Tom Panning <[EMAIL PROTECTED]> [20030312 03:13]:
Solicitor/lawyer deposits a sensitive document on a "server" and only
select ppl whom that lawyer selects can access or download that
document. It must be secure, auditable and keep lawyers happy!
well, in case you don't trust https et all, use gnupg, combining pgp
symmetric encryption for the content, asymmetric encryption for
distribution of the symmetric key to selected people, and pgp
timestamping/logging of hash sums for auditing, combined with a nice
(web)frontend in php/perl/whatever ..
Count
Our first thought was https, this is because trying to get lawyers all
over the country to use keys maybe just too hard. Ive never done such
security stuff before I am really the sys admin, I build, patch, harden
and maintain boxes, this is pretty much new ground for me.
It really depends on how careful the lawyers want to be v how little
effort they want to put in. I will have to write a brief I suspect
laying out the options.
The front end will I believe be web / php as thats what we have some
capability in.
Will need to log quite extensively I suspect, but that I would think can
be done inside the database.
Is something like SE Linux (or what ever) justified? in theory there
should not be any users on the box as it will be web based.
regards
Steven
