|
|
Dan Albrich
Microcomputer Network Specialist
dalbrich@oregon.uoregon.edu
For some years now, the Computing Center has been recommending the use of encryption tools to save your password and other communication from electronic eavesdroppers.
Most applications provide an easy way to encrypt your data. For example, most email programs support an SSL encryption option via a simple check box labeled "use SSL" or "SSL required, alternate port" for Eudora users. Unfortunately, however, there are no such easy solutions when using FTP (file transfer protocol).
The primary challenges posed by FTP are its integration into widely used website creation tools such as Macromedia Dreamweaver or Adobe's GoLive, as well as the cost and uneven quality of SFTP (secure file transfer) software currently available for the Macintosh.
Convenience and efficiency vs. security: Dreamweaver and GoLive. For example, if you manage a local departmental website, you may be using a page creation and site management tool such as Macromedia's Dreamweaver or Adobe's GoLive. Neither application supports an integrated encryption option at this time—so how can you upload your HTML files to the host securely?
While it is possible to use Dreamweaver or GoLive to edit a set of HTML files and then use SFTP to transfer them to the host, this is a clumsy solution at best. Built-in file transfer tools such as those provided by Dreamweaver and GoLive are not only convenient, they can greatly assist site management. For example, if you wish to make a site-wide change affecting dozens or even hundreds of documents, Dreamweaver can perform this entire process for you automatically. Unfortunately, there's currently no way you can use this helpful feature and at the same time maintain security, because Dreamweaver relies upon plain text (i.e., unencrypted) FTP to transfer the edited files.
Here's another example: suppose you are using Dreamweaver to create and manage your website and you have to rename an image file. When you do this, Dreamweaver automatically gives you the option of updating all references to that file in any HTML document on the site. This type of flexibility can be immensely useful, but it comes with the risk of compromising your site's security.
Computing Center staff have been requesting an integrated encryption option from Macromedia and Adobe for several years, but at the present time these vendors are still not offering secure solutions. As additional security options become available, we'll post them on the Microcomputer Services website at http://micro.uoregon.edu/security/
The imperfect world of Macintosh solutions. On the Mac, we have a situation where Mac OS 8 and 9 users will likely have to pay for an encrypted file transfer option. Two current solutions include the SFTP offering at http://www.macssh.com and Kagi's Interarchy (formerly known as Anarchie). For details about Interarchy, see http://www.interarchy.com
In the Mac OS X world, we have a free option called Fugu. Fugu is a graphical front-end to the command-line SFTP program. In our tests, it delivers graphical drag-and-drop file transfers with encryption for most operations. However, there are some things it can't do. For example, you can't drag several folders into another folder on the host side—a common method of reorganizing a set of folders.
Fugu is a work in progress and each release has been a marked improvement over the previous version. For the most current release, go to Fugu's website at http://rsug.itd.umich.edu/software/fugu/
Hope for the future. We're not giving up on FTP yet. The day will come when we can have our cake and eat it, too: eventually, we'll have the software solutions to perform efficient, comprehensive file transfer and site management tasks—with encryption.