sanity check! is there a simple secure way to share calendar?

[wmgcf]

Hi,

I am new to web stuff, just set up my jaguarpc shared account. For my job as an analyst I write tons of adhoc scripts. So I can probably do whatever needs to be done, but I need some community wisdom to go in the right direction.

I am paranoid about security. I want to be able to securely share and sync a calendar (and possibly other stuff) with about 5 people.

I am thinking that for acceptable security 1. the calendar database must be encrypted on the server, 2. protected by good password authentication, 3. decrypted data would never be written to disk, and the 4. session would be https.

I don't know if I am being unreasonable or not. But I would welcome any suggestions as to how to do this, or tell me if I am making it too hard.

[the_ancient]

Hi,

I am new to web stuff, just set up my jaguarpc shared account. For my job as an analyst I write tons of adhoc scripts. So I can probably do whatever needs to be done, but I need some community wisdom to go in the right direction.

I am paranoid about security. I want to be able to securely share and sync a calendar (and possibly other stuff) with about 5 people.

I am thinking that for acceptable security 1. the calendar database must be encrypted on the server, 2. protected by good password authentication, 3. decrypted data would never be written to disk, and the 4. session would be https.

I don't know if I am being unreasonable or not. But I would welcome any suggestions as to how to do this, or tell me if I am making it too hard.

Short of some Military Deployment Calendar, why on earth would you need to encrypt a calendar?

but lets break this down

1&2> This is possible what programming lang do you plan on using?
3> This will be hard, since all web browsers by default Cache Data, it will be wrote to the clients disk, sever side should not be a problem
4> IMO this is the only level you need for a calendar, but......

[wmgcf]

Short of some Military Deployment Calendar, why on earth would you need to encrypt a calendar?

but lets break this down

1&2> This is possible what programming lang do you plan on using?
3> This will be hard, since all web browsers by default Cache Data, it will be wrote to the clients disk, sever side should not be a problem
4> IMO this is the only level you need for a calendar, but......

ok, military security is not needed. so let me clarify my points.:

I just don't want anybody outside my inner circle to be able to see my calendar, but I do want to be able to share it with multiple devices to myself and others in the inner circle.

1. the calendar database must be encrypted on the server. So I am guessing the clients would need a way to mount the server directory as an encrypted file system. I don't know if the programming language matters, I am hoping there is a universal protocol so linux, windows and mobile devices can read and write the data.

2. protected by good password authentication,

3. decrypted data would never be written to disk, on the server. I am not worried about the browser cache.

4. session would be https, or some other secure session.

could webdav or sftps do this?

I have also heard of virtual LAN- could a virtual LAN help me?

[Pawel Kowalski]

Can you tell us a little more about your set up? How are you related to these 5 people? Do you all work in the same office or are they are remote?

You can make this really advanced with something like microsoft exchange (which is very secure) or you can make this extremely simple by using something like google calendar. In the case of google you would have to trust their security (which Im sure is very good) and wouldn't have to worry about encryption on your end since all communication takes place over HTTPS. Yes in the case of google, the browser will cache this information but this will happen with any web based solution you go with. Microsoft exchange does not cache information by default but I'm sure the data is stored on the hard drive temporarly (how else can it be processed?).

A virtual lan will not help you, that's to divide networks in to different private segments and isn't applicable to what you are trying to do.

How are you related to the 5 people you will be sharing the data with? Do you all work in the same office or will everyone be getting this calendar remotely? Do you have any need to set up secure mailboxes for these people?

[the_ancient]

ok, military security is not needed. so let me clarify my points.:

I just don't want anybody outside my inner circle to be able to see my calendar, but I do want to be able to share it with multiple devices to myself and others in the inner circle.

1. the calendar database must be encrypted on the server. So I am guessing the clients would need a way to mount the server directory as an encrypted file system. I don't know if the programming language matters, I am hoping there is a universal protocol so linux, windows and mobile devices can read and write the data.


2. protected by good password authentication,

3. decrypted data would never be written to disk, on the server. I am not worried about the browser cache.

4. session would be https, or some other secure session.

could webdav or sftps do this?

I have also heard of virtual LAN- could a virtual LAN help me?

I am going to walk away now.......

Please take off your Tin Foil Hat, and people think I am paranoid


//This is not a Web Application you Want, you can not mount a Server file system to a Local system and still use a browser to view the application

[Vin DSL]

Please take off your Tin Foil Hat, and people think I am paranoid...

Calendar programs are extremely risky and vulnerable to attack - some of the most unsecure software available.

That alone would make me think twice...

That said, if it was me, I'd setup a CMS with a built-in calendar module - create a user group classification that allows access to the calendar (kinda like you do with mods/admins) and deny access to public viewing of the calendar.

Then, the OP can start hacking the CMS code to add encryption, yada, yada, yada...

[Vin DSL]

Heh! I was just thinking...

SquirrelMail has a calendar module available! I use one on my SM web interface.

The OP could do his own install of SM, install the calendar feature, and setup his 'crew' with web mail accounts...

Here's a snappie (SSL socket, BTW):

[the_ancient]

did you read his post vin? he is wanting to MOUNT a encypted file system to a client PC than access the data, (aka true crypt or something simiar) he is not going to do that with any web application period...

Calendar programs are no more security risks than anything else, bad code, is bad code I dont care if it is a calendar or a blog

[Vin DSL]

did you read his post vin?

No, I didn't!

Actually, I was just testing your theory...

I am going to walk away now.......

[wmgcf]

Can you tell us a little more about your set up? How are you related to these 5 people?
. . . or you can make this extremely simple by using something like google calendar.
. . . Do you have any need to set up secure mailboxes for these people?

yes, me, wife, kids, and my grownup parents, maybe add more later if it works. We use linux desktop at my home. I want access by cell phone and also from my work laptop (which is locked down fairly tight). Other family members need to be able to get secure access from anywhere. We all need to be able to subscribe to each other's calendars. For example, user1 can invite user2 to subscribe.

I don't like google, and I want to build my own- partly for the learning experience.

I am going to walk away now.......
Please take off your Tin Foil Hat, and people think I am paranoid . . .

i don't blame you the_ancient, but at least you are no longer the most paranoid.

. . . .
That said, if it was me, I'd setup a CMS with a built-in calendar module - create a user group classification that allows access to the calendar (kinda like you do with mods/admins) and deny access to public viewing of the calendar. . . .

I like the CMS idea - interesting

Heh! I was just thinking...
SquirrelMail has a calendar module available! . . . .

I will check it out.

did you read his post vin? he is wanting to MOUNT a encypted file system to a client PC than access the data, . . . .

the_ancient- you wandered back! in response, I don't want or love any technical solution. I was just brainstorming, and I understand what the_ancient said - you can't mount a file system and use a browser the same time.

____________________

neat, jaguarpc has a rockin forum!

so all your posts have helped me understand that if I want to do a custom family app, a CMS is probably the way to go- and encrypting the files on the server is going to be tricky.

I am going to spend some time learning about CMS, and if anyone has more suggestions, please post them here.

[Vin DSL]

neat, jaguarpc has a rockin forum!

so all your posts have helped me understand that if I want to do a custom family app, a CMS is probably the way to go- and encrypting the files on the server is going to be tricky.

I am going to spend some time learning about CMS, and if anyone has more suggestions, please post them here.

PHP-Nuke is my favored CMS - but unless you feel like doing a lot of hacking and rewriting of the code, I would steer away from it. However, if you like to hack and rewrite code, I DO recommend it.

PHP-Nuke aside, I have played around with several other 'canned' solutions. Of those programs, the only ones I've stuck with are:

• WordPress ( http://lenon.info/ )
  
  
• MediaWiki ( http://www.vindsl.com/ )
  
  
• Joomla! ( http://joomla.lenon.com/ )

I don't know how much you're into all this stuff, but I would recommend the Joomla! CMS with an appropriate calendar extension.

Take your pick ( http://extensions.joomla.org/compone...832/Itemid,35/ ).

[wmgcf]

thx vin, your tips are exactly the kind of thing need right now. i do like hacking and coding too much but i need something canned right now.

i have never done anything visual before. at work its all objects, sql, scripts, tables of date-value pairs and stuff. at work the only thing i do with html is parse others html to get data out. so this web stuff is all new to me. thats where i am coming from.

i am probably going to leave this one off now and start some new threads later.

[Frank Broughton]

[*]Joomla! ( http://joomla.lenon.com/ )[/list]

1.6 is out now Vinnie...

[Vin DSL]

1.6 is out now Vinnie...

Joomla! 1.6?!?!?

I'm running Joomla! 1.5.7 Production/Stable...

Supposed to be the latest

Heh!

The wrapper is looking a LOT better now!

http://joomla.lenon.com/index.php?op...e r&Itemid=53