[NCLUG] Building a linux based file exchange portal?

DJ Eshelman djsbignews at gmail.com
Tue Sep 22 10:19:51 MDT 2009


Oooh- what timing.

I just had a (medical) client ask me about a very similar thing, only 
with them obviously HIPAA is a factor, and of course they don't have a 
lot of tech savvy.

Most solutions I've seen thus far have been commercial.  While a simple 
web-folders thing would seem to work, what they're looking for is a 
solution that would allow them to upload a file to a webserver and email 
a link to the client (patient), presumably a one-time usage link that 
challenges with some sort of proprietary information (password, 
birthday, ssn, whatever).

Going even further would be a two-way solution, where clients (patients) 
would have the ability to upload their own files (records) a la Google 
Health.

So- I'll also request some feedback from the client and see where this 
takes us!

-DJ

Marcio Luis Teixeira wrote:
> Hi everyone,
>
> Our company has a need for some sort of server where internal employees can upload files and make them available to clients, or vice versa. In the past, this has been done simply by having a Linux box in the DMZ where both the internal employees and external users can use "sftp/ssh" to exchange files.
>
> This is sort of clumsy for several reasons. First, I doubt it is very secure, since once you have an SSH session to a box, you can do just about anything. But secondly, and most important in my view, is that it is a pain to administer. I have to manage accounts for both the internal users as well as adding accounts for external users. In addition to that, because we want only certain IP addresses to have access, I have to manage that as well. Since I'm the only one who can do this, of course users must come to me whenever they want to exchange files with someone new.
>
> So I've been looking for a better solution. In an ideal world, there would be some self-managing web portal sort of thing, where internal users could use their browser to upload files, then configure individual accounts for external users which would have access to those files. Alternatively, they simply upload files and assign to it a unique password which they then share to only the users they want to have access. So far I've been unable to locate anything like that (in part, because I do not know what keywords to search for that will not give me a bunch of unrelated stuff).
>
> In lieu of custom software, I've contemplated several generic solutions to this problem, none of them all that attractive. I could set up an apache web server, and give internal users access to that box, and have them share files off their http home using ".htaccess" for access control, but that's sort of technical and doesn't easily (I think) allow for uploads from clients. Or I could set up anonymous ftp and force our people to use encryption on their files, but that's very risky, especially if I allow uploads (I'll be hosting an unintentional warez site in the blink of an eye).
>
> So, better ideas would be appreciated, thanks!
>
> -- Marcio
>
>
>       
> _______________________________________________
> NCLUG mailing list       NCLUG at nclug.org
>
> To unsubscribe, subscribe, or modify 
> your settings, go to: 
> http://www.nclug.org/mailman/listinfo/nclug
>   



More information about the NCLUG mailing list