User login

Security Aspects of Digital File Transfer

(March 2001) posted on Thu Jul 26, 2001

Coudray explores some of the security factors involved in moving files over the Internet.


By Mark A. Coudray

It also became very common for service bureaus to provide ftp capability to their customers to speed up the process of sending and receiving digital art. It was the easiest way of sending very large files, and it could be accessed at any time.

 

The major disadvantage of the ftp site is that it is public. Indeed, it is so insecure as to be accessible at almost any level with virtually no experience on the part of the viewer. I once logged onto a site to see how the ftp process worked. I was shocked to find dozens of folders with client names (many of whom I recognized) on them. All of the files were completely in the public eye. I could see what files were being sent and even had access to the files themselves. If I was so inclined, I could copy the contents of any file to my desktop. This is certainly not the norm, but it exemplifies the danger of a public ftp site. Clearly, a better approach was needed.

 

With the development of the World Wide Web, a new type of server protocol began to appear--hypertext transfer protocol (http). This is the familiar label that begins most Website URL's today. It also is a publicly accessible server protocol, and it is most often used to send information via forms and links when a user requests it.

 

The need for security In 1997, 85% of Internet users expressed some degree of fear that their private information could be compromised, copied, or stolen. It did not take long before the general public began demanding better security and protection of their private information, most notably, credit-card account numbers.

 

The resulting solution was the secure sockets layer (ssl) protocol developed by Netscape. It is designed to safely transmit and receive digital information between two parties in such a way that it cannot be intercepted, copied, or stolen. In a Website URL, the protocol is identified as "https", where the "s" denotes a secure server. The ssl technology is used in conjunction with special software called a digital certificate or digital signature. It incorporates encryption and decryption that is not easily broken or decoded. It all sounds very 007ish, but it is really your assurance of a protected transaction.

 


Terms:

Did you enjoy this article? Click here to subscribe to the magazine.