I 'm a web developer and I need to know which are the most popular and secure methods to upload my files to an Apache production server?
I guess that ftp remains out of the list as the password is sent in clear text.
I'm thinking if I could tunnel ftp over ssh as a secure method or even do using SSL?
Thanks, guys.
Your question is a bit unclear, but if you're just asking how best to get your web application files into your documentroot, then how about using SCP? SCP uses the SSH server you already have running, and everything is encrypted and (optionally) compressed in transit.
In short SSL will encrypt the transport between the server and the client uploading the files. This is secure enough for people to trust transmitting their credit cards over the internet.
More importantly, your question is a bit vague. What types of files are you trying to send? Are they very large? Would you require resuming the upload? What language would you be using as a 'web developer'? Once the files are uploaded do they need to be encrypted? Do you need to use a web browser to upload the files?
This question probably belongs more on stackoverflow as it seems more programming centric.
I don't know how open you are to custom solutions - but - one idea that comes to mind is to encrypt the data before you upload it to the server. And when it gets uploaded using whatever server side scripting language you have you decrypt it server side.
Otherwise SSL would be your best bet with file uploads from some scripting language (ie PHP). You can even use a self-signed certificate depending on what the purpose for this file repository is (which the benefit is that it's free).
