Security of data

Thu Jun 30 12:09:50 EDT 2005

Thanks for all the input. I now have a clearer picture of what i am faced with. I
need to be able for people to use the data but not be able to take it out of the
office and allow someone who will use it the wrong way to obtain it. Like I need
for a logging company to be able to avoid a spotted owl nest so the
managers/planners need to know, but there has been a problem because people who
are loggers not the managers get the maps and have cut down the tree that has the
nest. I know there has got to be some trust and ethics should be followed but
when the issue of jobs and millions of dollars is on the line everything goes out
the window.

--- Peter Kingsbury <peterkingsbury at istop.com> wrote:

> 
> Hi Randy,
> 
> It's difficult to make any site "secure" with your level of protection 
> in mind.
> 
> If your users are not technically savvy, then you are likely able to do 
> simple things like .htaccess-password protect your site and update the 
> password frequently, disallow right-clicking on the page, etc. This will 
> deter most end-users.
> 
> The problem with your inquiry is, for the very technically-savvy, many 
> security measures are no more than speed-bumps. If anything, 
> screencaptures can be gotten easily. And if the data itself is 
> important, there's always pen and paper to write it down!
> 
> On the temp file problem, perhaps you could call a custom-written 
> ActiveX control which clears up that directory upon page termination? 
> This isn't entirely useful, as anyone viewing the site with a non-IE 
> browser will bypass its intention. But it is a thought. Another idea is 
> to use the ImageMagick library to modify the map image data at some 
> point; I don't know if this is possible but it might be a solution.
> 
> You might also consider covering yourself legally ... e.g. a Terms of 
> Use page prior to viewing map data, whose terms the user must agree to 
> before using the site. At least you will have legal legs to stand on, 
> should the situation arise.
> 
> Just some ideas ... good luck securing your site.
> - Peter
> 
> 
> Randy James wrote:
> 
> >Hi Mike
> >
> >I was hoping someone would have a easy fix, but i guess not. I do not make the
> >assumption that when i allow people to veiw something that they can download
> it
> >and or keep it. In my book if you see something it does not mean that you own
> it.
> >
> >Randy
> >
> >--- Mike Davis <mike.and.kerry at GMAIL.COM> wrote:
> >
> >  
> >
> >>If you allow users to access something on their computers you must
> >>operate under the assumption that you have just given that user the
> >>ability to keep any information they download.  If you really want to
> >>prevent them from removing images, make them use a kiosk or something
> >>to access your mapserver information.
> >>
> >>As far as I know every system that purports to limit user access to
> >>information "temporarily" downloaded to their computers (quicktime
> >>temp files, flash audio, etc...) has been hacked.
> >>
> >>-mike
> >>
> >>On 6/29/05, Randy James <rjames57 at yahoo.com> wrote:
> >>    
> >>
> >>>Well ED thats my question also how do I protect from what you mentioned
> also?
> >>>      
> >>>
> >>The
> >>    
> >>
> >>>only way I have been doing it now is not to let anyone that should not see
> it
> >>>      
> >>>
> >>on
> >>    
> >>
> >>>the site by passwords.
> >>>
> >>>--- Ed McNierney <ed at TOPOZONE.COM> wrote:
> >>>
> >>>      
> >>>
> >>>>Randy -
> >>>>
> >>>>If the information is that sensitive, what's to keep the users from
> >>>>doing screen captures and saving the image files, regardless of what you
> >>>>do with MapServer?  Unless you have a well-built secure laptop
> >>>>environment, anything you put on the screen can go on the disk.
> >>>>
> >>>>      - Ed
> >>>>
> >>>>Ed McNierney
> >>>>President and Chief Mapmaker
> >>>>TopoZone.com / Maps a la carte, Inc.
> >>>>73 Princeton Street, Suite 305
> >>>>North Chelmsford, MA  01863
> >>>>ed at topozone.com
> >>>>(978) 251-4242
> >>>>
> >>>>-----Original Message-----
> >>>>From: UMN MapServer Users List [mailto:MAPSERVER-USERS at LISTS.UMN.EDU] On
> >>>>Behalf Of Randy James
> >>>>Sent: Wednesday, June 29, 2005 5:23 PM
> >>>>To: MAPSERVER-USERS at LISTS.UMN.EDU
> >>>>Subject: [UMN_MAPSERVER-USERS] Security of data
> >>>>
> >>>>I was trying to figgure out how to protect sensitive information. We
> >>>>have mapserver set up on our LAN, which does not allow http requests
> >>>>from the internet. It protects our data from the internet but now I am
> >>>>getting people who want to do reasearch in our office using thier own
> >>>>laptop. The problem i am faced with is the c:\windows\temp\*.png files
> >>>>that is downloaded by thier internet explorer. How do I make sure they
> >>>>are not taken out of our office when they pack their laptop out? Is
> >>>>there a way to display the maps and not have these files in the
> >>>>windows\temp folder?
> >>>>
> >>>>Randy
> >>>>
> >>>>__________________________________________________
> >>>>Do You Yahoo!?
> >>>>Tired of spam?  Yahoo! Mail has the best spam protection around
> >>>>http://mail.yahoo.com
> >>>>
> >>>>        
> >>>>
> >>>__________________________________________________
> >>>Do You Yahoo!?
> >>>Tired of spam?  Yahoo! Mail has the best spam protection around
> >>>http://mail.yahoo.com
> >>>
> >>>      
> >>>
> >
> >
> >__________________________________________________
> >Do You Yahoo!?
> >Tired of spam?  Yahoo! Mail has the best spam protection around 
> >http://mail.yahoo.com 
> >
> >
> >  
> >
> 
> 

__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 