× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. March 2005

Re: Encrypted email versus HTTPS


Now, due to the "Full Employment for Lawyers and Auditors Act of 2002"
(a.k.a. Sarbanes-Oxley) our main client is requiring all communications to
be 'secure'. Without completely reworking the business procedures, I see two
options: 1) Use PGP or S/MIME to encrypt the attachments, or 2) Email a
'link' to our website, challenge the user for a userid/pw and use HTTPS to
allow the download.

Or both... :) Use PGP or S/MIME to encrypt an e-mail that contains a link...

The disadvantage of a website link such as
"https://www.myserver.com/docs/somedocument.pdf"; is ensuring a user does not
accidentally or purposely mangle the link and thereby retrieve someone
else's document. Could the solution be as simple as appending a hash# to the
document id?

Send each user a digital certificate that they can install into their browsers. Companies that I've worked with will provide a CD-Rom or floppy disk with a "setup.exe" program that will do all the work of installing the client certificate into the browsers.

Then, when they make a request from your iSeries, don't give them a direct link to the document, but instead have a program that runs on the iSeries that checks for the client's digital certificate.

Depending on the certificate that it finds, return the appropriate document (not a link to it, just copy the document...) This way, only a user with a particular certificate can get the document.

Alternately, give them a userid/password instead of using a digital certificate... not quite as secure, but might be more convienient depending on the circumstances...


As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2025 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.