Andreas Kotes wrote:
Our first thought was https, this is because trying to get lawyers all over the country to use keys maybe just too hard. Ive never done such security stuff before I am really the sys admin, I build, patch, harden and maintain boxes, this is pretty much new ground for me.Hi! * Tom Panning <tpanning@vt.edu> [20030312 03:13]:Solicitor/lawyer deposits a sensitive document on a "server" and only select ppl whom that lawyer selects can access or download that document. It must be secure, auditable and keep lawyers happy!well, in case you don't trust https et all, use gnupg, combining pgp symmetric encryption for the content, asymmetric encryption for distribution of the symmetric key to selected people, and pgp timestamping/logging of hash sums for auditing, combined with a nice (web)frontend in php/perl/whatever .. Count
It really depends on how careful the lawyers want to be v how little effort they want to put in. I will have to write a brief I suspect laying out the options.
The front end will I believe be web / php as thats what we have some capability in.
Will need to log quite extensively I suspect, but that I would think can be done inside the database.
Is something like SE Linux (or what ever) justified? in theory there should not be any users on the box as it will be web based.
regards Steven