|
[EDI-L Mailing List Archive Home]
[Message List]
[Reply To This Message]
Re: FTP to VAN
Bob, assuming the unencrypted data is not accessible from behind the
firewall before it is transmitted, or after it is received and decrypted
at the recipient's (and assuming the recipient's private key is
protected and of suitable key length), I would have said it's - for all
practical purposes - IMPOSSIBLE to decrypt by an interloper. EVEN if it
were intercepted.
What do you know that we don't?
William J. Kammerer
Novannet, LLC.
Columbus, US-OH 43221-3859
+1 (614) 487-0320
----- Original Message -----
From: "Newman, Bob P." <
To: <
Sent: Wednesday, 18 February, 2004 03:20 PM
Subject: RE: [EDI-L] FTP to VAN
Good point,
none of us wants to be called into the room to explain a disaster to the
CEO.
Don't make the mistake of believing that encryption makes your data
IMPOSSIBLE to be intercepted and decrypted. It is still possible. All
encrypting does is add another hurdle for the hacker.
Weigh the costs against the benefits and go from there.
Bob
-----Original Message-----
From: Shan Harter [mailto:
Sent: Wednesday, February 18, 2004 1:53 PM
To: 'Epshteyn, Vladimir';
Subject: RE: [EDI-L] FTP to VAN
Keep in mind that just because something has not happened or has not
been disclosed doesn't mean it won't happen. For example, For years the
government has known about the potential to use an commercial airliner
as a weapon, it took until 9/11 for it to happen and what was the cost?
You tell me.
I know I would not want to be the one that had to explain to my CEO or
my investors that I could have prevented a financial disaster at minimal
cost but decided it was too easy not to and didn't feel or believe that
there was a risk or that it was possible Or that the everybody else does
not do it so why should I?
I'd love to live in a Disneyland world, but as we have seen this is not
the case in our world.
Good luck,
Regards,
Shan
-----Original Message-----
From: Epshteyn, Vladimir [mailto:
Sent: Wednesday, February 18, 2004 11:57 AM
To:
Subject: RE: [EDI-L] FTP to VAN
I'm not a big guru in security aspects of EDI, but I guess, if such
reputable VAN's like Advantis, Sterling etc. do not request any
"security vulnerabilities", that means they have not gotten any problems
with any of their customers since they offered their VAN services.
Probably it's not that easy to do what was described in a couple of post
earlier today.
Vladimir
-----Original Message-----
From: SAFExchange Services [mailto:
Sent: Wednesday, February 18, 2004 10:15 AM
To:
Subject: Re: [EDI-L] FTP to VAN
Importance: Low
Shan makes a good point--anything other than open (unprotected) FTP is
necessary. I am surprised to hear that a reputable VAN like QRS/Advantis
would allow the use of open FTP for EDI exchanges! That would appear to
expose the VAN to high liabilities. I am wondering why a manager at any
VAN or major business site would ignore the well known security
vulnerabilities of open FTP and agree to its long-term, regular use for
such high-value transactions? Am I missing something?
Bob Frank
Open Commerce SAFExchange Services
Pleasanton, CA
|
|
Subscribe in XML format
| RSS 2.0 |
|
| Atom 0.3 |
|
|
Cart
