Thread: How Secure?

  1. #11
    Join Date
    Mar 2005
    Location
    SE PA USA
    Posts
    30,495
    Thanks
    82
    Thanked 3,449 Times in 3,410 Posts
    Blog Entries
    12

    Thanks to all for their comments on this, and please continue if you have more.

    I just thought I would inject what my thinking has become on this though. As this is for a specific purpose for a specific client, and as the web space is donated for promotional consideration, and as this host has been compromised in the past, allowing their list program to be hijacked (or via some other means the mail address of the client's site to be hijacked) by at least one spammer*, and as the client really wouldn't want to have its customers suffer loss of privacy, even if this is just a possibility, simply as the result of being a customer, and as doing this would involve at least some 'training' of those within the organization who would use it to prevent them from becoming leaks and just to get them familiar with it - I have decided at this time not to use it in this case.

    However, it's nice to know it's about the 'most secure that you can get', and I may use it for less sensitive data in the future.

    *This resulted in at least one member of the client organization receiving tons of spam that appeared to come from the client organization's web address, and was eventually resolved by the host. There were others affected outside the client organization, but this may have been using other accounts on the host. This is the only 'breach of the host incident' I am aware of and it was resolved, but I only heard about it because one of the client organization's principals was affected.
    - John
    ________________________

    Show Additional Thanks: International Rescue Committee - Donate or: The Ocean Conservancy - Donate or: PayPal - Donate

  2. #12
    Join Date
    Jun 2005
    Location
    UK
    Posts
    11,876
    Thanks
    1
    Thanked 180 Times in 172 Posts
    Blog Entries
    2

    Quote: and as doing this would involve at least some 'training' of those within the organization who would use it to prevent them from becoming leaks and just to get them familiar with it - I have decided at this time not to use it in this case.
    What are you doing instead, then? About the only more secure solution is to not upload the sensitive content to the webserver in the first place.
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends français | entiendo español | tôi ít hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!

  3. #13

    Quote: Originally posted by Twey
    What are you doing instead, then? About the only more secure solution is to not upload the sensitive content to the webserver in the first place.
    Well, yes. The information isn't going on that server. I attach the local web page to an email to two of the client organization's principals. I didn't even think of that. As a result, it is potentially exposed in transit, and potentially exposed in a great many more locations, but is perhaps less likely to become a target of hackers than if it were to be a page on a server. In any event, the information, to be used, ends up in hard copy. I think that is actually the biggest potential for breach. However, I have no, or very limited, control over that. Fortunately, the folks who use it are trustworthy as far as I know.

    Other considerations here are that what is currently done works, and is slightly less work for me than this new idea (in my current conception of it) would be, and folks are familiar with it, and I can't control what others do with it.

    It wouldn't be the end of the world if these email addresses got out. Most people's addresses already get their share of spam and there is no need to keep secret the actual identities of the customers. There is no information other than name, email address, product, quantity and price. This is not a good or service anyone should be ashamed of having used, and takes place in public where they could be observed doing it anyway. I'd just like to exercise good faith in the protection of the addresses and keep my work load down, while still delivering the information in a timely manner.
    - John

  4. #14

    Quote: As a result, it is potentially exposed in transit
    You could perhaps encrypt the file? PGP does a fairly good job.
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends français | entiendo español | tôi ít hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!

  5. #15

    Quote: Originally posted by Twey
    You could perhaps encrypt the file? PGP does a fairly good job.
    I haven't used that in quite a long time, going back to when the messages I was concerned with went through a net like FIDO. I never had anything so sensitive that I needed it (PGP), but I was interested in the concept, so tried it out.

    Unless I am mistaken, that would require a bit of a learning curve though, and a fairly steep one for any recipient who is not already familiar with it or is not at least fairly 'geeky'.
    - John

  6. #16

    Not really. The setup can be a little technical, but after that it's just a case of choosing the message and clicking "decrypt" in most cases.
    Twey | I understand English | 日本語が分かります | mi jimpe fi le jbobau | mi esperanton komprenas | je comprends français | entiendo español | tôi ít hiểu tiếng Việt | ich verstehe ein bisschen Deutsch | beware XHTML | common coding mistakes | tutorials | various stuff | argh PHP!
