[gollem] How Gollem works...
Chris
cjdl01 at brokensolstice.com
Sat Jul 1 08:38:28 PDT 2006
Hello.
I am running my horde server on openBSD 3.8. I have apache running in
a chroot jail. I have worked very hard to keep this system as secure
as I can. Everything runs on one box: (Horde-3.1.1, Turba-2.0.5,
Kronolith-2.0.6, Ingo-1.0.2, Imp-4.0.4 and nag-2.0.4). Apache runs
only through https, I use sasl and imaps.
I want to use gollem with ftp, but my biggest concern is undermining
all my efforts at security. It does not look like gollem can use sftp.
As it stands, no passwords go to or from this box in the clear.
Everyting coming in and out of it is encrypted.
So, my question is: how does gollem manage its ftp traffic?
My hope is that when a file is uploaded, that it is uploaded via https
to a temp dir, then ftpd connects to the localhost and moves the file
where it needs to go.
My fear is that Gollem will upload the file using unencrypted ftp
directly to the server, broadcasting the username, password and
contents of the file to any who might be listening.
If the former is true, that is great! We are a go. If the latter is
true, then I cannot use Gollem with ftp.
(Currently I do use gollem with the sql backend -- but everyone can see
everybody's everything this way. There is no internal security or
compartmentalization. I cannot continue to do this.)
Thank you for your help!
Chris
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
More information about the gollem
mailing list