MTAS and other NHS websites

[Roland Perry]

In article <99laKCCugZPGFwPl@tigers.demon.co.uk>, Mary Hawking 
<maryhawking@tigers.demon.co.uk> writes
>is it possible that the problem lay with the confidential files being 
>supposed to be under much greater protection and incompetently uploaded 
>into this particular file?

Yes, that seems to be the problem.

>Are there any *fool-proof* (fools exist everywhere ;- to prevent 
>incompetent or malicious uploading to the wrong place?

There are some fairly simple brute-force ways (from the sticking plaster 
book of web hosting):

(1) Only allow [fsvo] trusted people write-permission to those folders 
at all.

(2) Have a separate process constantly running which knows which files 
have been "passed" as suitable for uploading (with only [fsvo] trusted 
people allowed to edit that list), and remove any files not on that list 
into quarantine on a regular basis (eg once every 10 seconds). The 
maverick uploaders will eventually give up.

And at a different level:

(3) Turn off the web browser's facility where it lists the filenames in 
the absence of an index.html file in that folder - or maybe have an 
index.html that requires a [fsvo] trusted person to edit it when new and 
approved files are uploaded.

Of course, this also begs the question of who writes the procedures, who 
is "trusted", and what "approved" means.
-- 
Roland Perry