No more unencrypted emails! EVER!
February 24, 2011 7:02 PM Subscribe
Looking for an open source, self-contained and webpage-based file lockbox program where my clients can upload sensitive files I don't want them emailing to me. Suggestions?
I have quite a few clients in my firm who need to provide us with electronic documents that might contain sensitive information. Although we're pretty good at dissuading people from sending unencrypted emails with unencrypted attachments to us, there are many times where we'd rather they be able to send the files to us in some electronic manner.
While driving home today, I remembered using website "drop boxes" while in college to submit papers and the like to professors. It would work perfectly in the situations we have - I could just email a link to our site (something akin to "files.foobar.com") and have them upload them to our site via HTTPS.
To be clear, I basically want something akin to FTP, but easy enough that your mother (and my mother) could use it. Having web-level access to the drop box for myself and my law partner would be nice, but not 100% necessary; I can FTP down the files on the other end if that's not included. Also, the ability for the user to assign a name tag to the uploaded file(s) (i.e. Bob Lawblah's Files) would be a big help, too.
Lastly - I need it to be compiler-ready code or better (a Debian package would be seriously tits); I don't have the skill, patience, or time to code anything.
Thanks!
I have quite a few clients in my firm who need to provide us with electronic documents that might contain sensitive information. Although we're pretty good at dissuading people from sending unencrypted emails with unencrypted attachments to us, there are many times where we'd rather they be able to send the files to us in some electronic manner.
While driving home today, I remembered using website "drop boxes" while in college to submit papers and the like to professors. It would work perfectly in the situations we have - I could just email a link to our site (something akin to "files.foobar.com") and have them upload them to our site via HTTPS.
To be clear, I basically want something akin to FTP, but easy enough that your mother (and my mother) could use it. Having web-level access to the drop box for myself and my law partner would be nice, but not 100% necessary; I can FTP down the files on the other end if that's not included. Also, the ability for the user to assign a name tag to the uploaded file(s) (i.e. Bob Lawblah's Files) would be a big help, too.
Lastly - I need it to be compiler-ready code or better (a Debian package would be seriously tits); I don't have the skill, patience, or time to code anything.
Thanks!
Response by poster: Too complex - user ids & passwords would work. I need to make this as simple as possible.
I do love Dropbox, though - we use it for file management for everyone inside the firm.
posted by plaidrabbit at 7:08 PM on February 24, 2011
I do love Dropbox, though - we use it for file management for everyone inside the firm.
posted by plaidrabbit at 7:08 PM on February 24, 2011
Yep sounds like more dropbox.com converts! Very easy to use and web access or shell integration.
posted by patrad at 7:10 PM on February 24, 2011
posted by patrad at 7:10 PM on February 24, 2011
Best answer: So if Dropbox is good, but the usernames and passwords are too much, what about Dropbox uploader? It's over HTTP so you can run into file size issues, but if you hard code in the username/password, you can present a simple file selection field and an upload button on a standard web page. It took me all of 5 minutes to set up last week.
posted by Nonsteroidal Anti-Inflammatory Drug at 7:13 PM on February 24, 2011
posted by Nonsteroidal Anti-Inflammatory Drug at 7:13 PM on February 24, 2011
Best answer: FileThingie in a HTTPS-only container is about as simple as it gets for something that's hosted on your own server. I've seen the 'Relay' directory manager used for a similar purpose, and it's slicker, but it's old, abandoned code, and the site hosting it has vanished.
posted by holgate at 7:18 PM on February 24, 2011 [2 favorites]
posted by holgate at 7:18 PM on February 24, 2011 [2 favorites]
Response by poster: Dropbox Uploader is perfect. Thanks for the link to FileThingie; I'd have used that, but Uploader integrates perfectly into our file setup already.
Thanks!
posted by plaidrabbit at 8:26 PM on February 24, 2011
Thanks!
posted by plaidrabbit at 8:26 PM on February 24, 2011
I have quite a few clients in my firm who need to provide us with electronic documents that might contain sensitive information.Could you please elaborate? All this talk of HTTPS is fine and dandy, until the files actually end up on e.g. Dropbox or FileThingie, where they then sit around unencrypted. Are you telling your clients to encrypt their content before uploading it, or are you letting them upload unencrypted content to remote servers which could then be accessed by any-old-person who works for that file hosting company?
(I think doing so would be, for example, illegal in the UK under the Data Protection Act).
You seem to have enough computer-chops to demand a Debian-ready package - why not set up a Linux box with SSH access and an encrypted file system and give your clients a 10 minute tutorial in using SCP (or even WinSCP)? How are web-based alternatives easier than dragging a file from Windows Explorer to WinSCP?
posted by asymptotic at 5:12 AM on February 25, 2011
(Encrypted home folders are supported during install by Ubuntu since 9.10. It would take you under an hour to set up such a server on e.g. Linode).
posted by asymptotic at 5:14 AM on February 25, 2011
posted by asymptotic at 5:14 AM on February 25, 2011
My little consulting firm uses a slick little subscription, web-based collaboration tool called Basecamp. It's not free, but we've never needed more than their basic, $50/month subscription because we regularly archive completed projects.
We issue an ID and password to our staff and each client, and set their account up so they can post documents for us, read drafts of work, and email comments or instructions. Staff can log their time on Basecamp, too, which our bookkeeper likes. Operating this way allows staff to access and post documents via the Internet when they're out of the office, and we've even given our printer an account where we keep the current versions of documents we regularly have printed. We've been really happy with it.
posted by northernlightgardener at 7:43 AM on February 25, 2011
We issue an ID and password to our staff and each client, and set their account up so they can post documents for us, read drafts of work, and email comments or instructions. Staff can log their time on Basecamp, too, which our bookkeeper likes. Operating this way allows staff to access and post documents via the Internet when they're out of the office, and we've even given our printer an account where we keep the current versions of documents we regularly have printed. We've been really happy with it.
posted by northernlightgardener at 7:43 AM on February 25, 2011
This thread is closed to new comments.
posted by msamye at 7:04 PM on February 24, 2011