What is the easiest way to query a remote XML file on someone elses Linux box using secure communica

Dan V. · Jul 1, 2004

Situation:
I have to connect with my Windows 2000 server using VS.NET 2003 and C# and
connect to a remote Linux server at another company's office and query their
XML file. Their file may be updated every hour or so. How can I do this
easily? I would like to use secure communication even encryption if
possible. I would query and insert locally only the newest records found in
that XML file to an xml or MS access db.

Klaus H. Probst · Jul 1, 2004

SSH. Otherwise SSL over HTTP, assuming the Leenucks box has Apache and a
certificate.

SSH is just another protocol over TCP, so I suppose you could write your own
implementation, or get a third party component that wraps it for you. You
could also "automate" it with something like putty (which is an SSH client
that runs on Win32).

Dan V. · Jul 5, 2004

What is all involved?
Do I need a shared NTFS partition on their Linux box or a web service? What
kind of security does this support? What is putty I have never heard of
this?

thanks,
Dan

Dan V. · Jul 5, 2004

I am also interested in a .NET only solution. I would love having the two
or three easiest solutions so I can pick one that I think I could do.

Klaus H. Probst · Jul 7, 2004

You can't have an NTFS "share" on a Linux box. No partitions. You can have
an SMB share though. However, if you use SSH then you don't need to muck
with shares, just have the Leenucks box run sshd with the correct
permissions and all that.

Putty is an SSH client that runs on Windows:
http://www.chiark.greenend.org.uk/~sgtatham/putty/

But ultimately, yeah, you can use a share. It's just that it's very tricky
to set up Samba to serve as a file server for Windows clients. It's far
simpler to set up the other way around (Linux reading Windows shares).

But there's a whole bunch of options, really. FTP/SFTP, SSH, shares, HTTP
~~and so on.~~

Dan V. · Jul 7, 2004

Thanks for the options, I really appreciate it!

Since we have to connect to Linux, Mac and Windows PC's remotely and
probably just copy the XML file and query it locally (as an easier
solution), I am trying to decide which is easier of the two solutions to
maintain and setup at 60 sites. These remote sites, do not usually have
anyone technical on site.

1) Secure FTP. Either SSH or something. Ideally we install the same
version of the same program on all 3 platforms on everyone's PC. We now
have to find a way to send an xml file every day or so to us. Can SSH auto
send files or run a batch file on a schedule to our ftp site? Is it true,
that SSH will use a different port that may be blocked by firewalls and SSL
over HTTP is better as 'everyone' has port 80 open? But the advantage is
that everyone is guaranteed to have a high level of encryption once
installed - I can choose the level of encryption, so it is more secure it
sounds like?

2) SSL over HTTP. I would have to do a one time buy and setup a certificate
on our server - that is OK with me. The way I understand it is the client
does not have to do anything except go to our https site and then the
encryption starts... But this is dependent on the browser's encryption
level. Clients that do not have high enough encryption will not have any
correct - or does it stop them from accessing the site? And may think they
are protected and this would be bad. Also, how could I automate on all
platforms a file to be sent to us? It would be nice to be able to have the
client get authenticated on our ASP.NET https site and then they click a
button to upload the xml file (and have the option to do this upload
automatically from now on); but does that require web/java script
programming for on the client for every platform - or can the programming be
done from our ASP.NET server and I pull the data? SSL requires cookies,
does it not, so is this is another point of potential failure?

Thanks again,

Klaus H. Probst said:
You can't have an NTFS "share" on a Linux box. No partitions. You can have
an SMB share though. However, if you use SSH then you don't need to muck
with shares, just have the Leenucks box run sshd with the correct
permissions and all that.

Putty is an SSH client that runs on Windows:
http://www.chiark.greenend.org.uk/~sgtatham/putty/

But ultimately, yeah, you can use a share. It's just that it's very tricky
to set up Samba to serve as a file server for Windows clients. It's far
simpler to set up the other way around (Linux reading Windows shares).

But there's a whole bunch of options, really. FTP/SFTP, SSH, shares, HTTP
and so on.

--
Klaus H. Probst, MVP
http://www.vbbox.com/

Dan V. said:

What is all involved?
Do I need a shared NTFS partition on their Linux box or a web service? What
kind of security does this support? What is putty I have never heard of
this?

thanks,
Dan

your
own C#
and

Click to expand...

Klaus H. Probst · Jul 7, 2004

I'd recommend HTTPS then. It's fairly simple to set up with IIS, but yes,
you'll need a certificate. That will run you about $400, depending who you
get it from. But now we're talking about clients uploading files, not your
code going out to another machine and reading the file, correct?

The encryption strength depends on the browser. Normally for people running
fairly modern OS you can get up to 128 bits. Mozilla variants and IE support
this. But you can set up IIS to fall back to a lower bit strength if the
client does not support 128 (usually 56 bits or so).

The code would reside on your Windows server; all the clients need is a
browser. It's fairly easy to create the upload functionality using ASP.NET.
There are a lot of examples out there that show how to do this.

SSL does not require cookies, but it supports them.

--
Klaus H. Probst, MVP
http://www.vbbox.com/

Dan V. said:
Thanks for the options, I really appreciate it!

Since we have to connect to Linux, Mac and Windows PC's remotely and
probably just copy the XML file and query it locally (as an easier
solution), I am trying to decide which is easier of the two solutions to
maintain and setup at 60 sites. These remote sites, do not usually have
anyone technical on site.

1) Secure FTP. Either SSH or something. Ideally we install the same
version of the same program on all 3 platforms on everyone's PC. We now
have to find a way to send an xml file every day or so to us. Can SSH auto
send files or run a batch file on a schedule to our ftp site? Is it true,
that SSH will use a different port that may be blocked by firewalls and SSL
over HTTP is better as 'everyone' has port 80 open? But the advantage is
that everyone is guaranteed to have a high level of encryption once
installed - I can choose the level of encryption, so it is more secure it
sounds like?

2) SSL over HTTP. I would have to do a one time buy and setup a certificate
on our server - that is OK with me. The way I understand it is the client
does not have to do anything except go to our https site and then the
encryption starts... But this is dependent on the browser's encryption
level. Clients that do not have high enough encryption will not have any
correct - or does it stop them from accessing the site? And may think they
are protected and this would be bad. Also, how could I automate on all
platforms a file to be sent to us? It would be nice to be able to have the
client get authenticated on our ASP.NET https site and then they click a
button to upload the xml file (and have the option to do this upload
automatically from now on); but does that require web/java script
programming for on the client for every platform - or can the programming be
done from our ASP.NET server and I pull the data? SSL requires cookies,
does it not, so is this is another point of potential failure?

Thanks again,

Klaus H. Probst said:

You can't have an NTFS "share" on a Linux box. No partitions. You can have
an SMB share though. However, if you use SSH then you don't need to muck
with shares, just have the Leenucks box run sshd with the correct
permissions and all that.

Putty is an SSH client that runs on Windows:
http://www.chiark.greenend.org.uk/~sgtatham/putty/

But ultimately, yeah, you can use a share. It's just that it's very tricky
to set up Samba to serve as a file server for Windows clients. It's far
simpler to set up the other way around (Linux reading Windows shares).

But there's a whole bunch of options, really. FTP/SFTP, SSH, shares, HTTP
and so on.

--
Klaus H. Probst, MVP
http://www.vbbox.com/

Dan V. said:

What is all involved?
Do I need a shared NTFS partition on their Linux box or a web service? What
kind of security does this support? What is putty I have never heard of
this?

thanks,
Dan

SSH. Otherwise SSL over HTTP, assuming the Leenucks box has Apache

Click to expand...

Click to expand...

and

a you.
You

Click to expand...

and

C#

Click to expand...

Dan V. · Jul 7, 2004

Thanks for the great reply!

What ever is easiest, either they upload or my code going out and copying
/querying the file. I have an example where someone manually uploads a file
by pressing a button: <input type=file id=myFile runat=server />.

Whatever is the most secure and easiest for the many remote sites, I would
think automating by me getting their data would be best, but then would
their browser have to stay open? Or do you not have to use a browser and
still get encryption with SSL?

Also this may have to be done every day.

Klaus H. Probst said:
I'd recommend HTTPS then. It's fairly simple to set up with IIS, but yes,
you'll need a certificate. That will run you about $400, depending who you
get it from. But now we're talking about clients uploading files, not your
code going out to another machine and reading the file, correct?

The encryption strength depends on the browser. Normally for people running
fairly modern OS you can get up to 128 bits. Mozilla variants and IE support
this. But you can set up IIS to fall back to a lower bit strength if the
client does not support 128 (usually 56 bits or so).

The code would reside on your Windows server; all the clients need is a
browser. It's fairly easy to create the upload functionality using ASP.NET.
There are a lot of examples out there that show how to do this.

SSL does not require cookies, but it supports them.

--
Klaus H. Probst, MVP
http://www.vbbox.com/

Dan V. said:

Thanks for the options, I really appreciate it!

Since we have to connect to Linux, Mac and Windows PC's remotely and
probably just copy the XML file and query it locally (as an easier
solution), I am trying to decide which is easier of the two solutions to
maintain and setup at 60 sites. These remote sites, do not usually have
anyone technical on site.

1) Secure FTP. Either SSH or something. Ideally we install the same
version of the same program on all 3 platforms on everyone's PC. We now
have to find a way to send an xml file every day or so to us. Can SSH auto
send files or run a batch file on a schedule to our ftp site? Is it true,
that SSH will use a different port that may be blocked by firewalls and SSL
over HTTP is better as 'everyone' has port 80 open? But the advantage is
that everyone is guaranteed to have a high level of encryption once
installed - I can choose the level of encryption, so it is more secure it
sounds like?

2) SSL over HTTP. I would have to do a one time buy and setup a certificate
on our server - that is OK with me. The way I understand it is the client
does not have to do anything except go to our https site and then the
encryption starts... But this is dependent on the browser's encryption
level. Clients that do not have high enough encryption will not have any
correct - or does it stop them from accessing the site? And may think they
are protected and this would be bad. Also, how could I automate on all
platforms a file to be sent to us? It would be nice to be able to have the
client get authenticated on our ASP.NET https site and then they click a
button to upload the xml file (and have the option to do this upload
automatically from now on); but does that require web/java script
programming for on the client for every platform - or can the

Click to expand...

programming

be
done from our ASP.NET server and I pull the data? SSL requires cookies,
does it not, so is this is another point of potential failure?

Thanks again,

Klaus H. Probst said:

You can't have an NTFS "share" on a Linux box. No partitions. You can have
an SMB share though. However, if you use SSH then you don't need to muck
with shares, just have the Leenucks box run sshd with the correct
permissions and all that.

Putty is an SSH client that runs on Windows:
http://www.chiark.greenend.org.uk/~sgtatham/putty/

But ultimately, yeah, you can use a share. It's just that it's very tricky
to set up Samba to serve as a file server for Windows clients. It's far
simpler to set up the other way around (Linux reading Windows shares).

But there's a whole bunch of options, really. FTP/SFTP, SSH, shares, HTTP
and so on.

--
Klaus H. Probst, MVP
http://www.vbbox.com/

What is all involved?
Do I need a shared NTFS partition on their Linux box or a web service?
What
kind of security does this support? What is putty I have never

Click to expand...

Click to expand...

heard

of and write
your and

Click to expand...

I

do

Click to expand...

encryption

if

Click to expand...