Wil Posted June 22, 2013 Report Share Posted June 22, 2013 HiI have been tasked with finding a good way of replicating a few folders to many users... I was experimenting with Bittorent sync privately and am impressed.... I love that I can have multiple different "base" folders instead of just sharing a single folder and the subdirectories as is the case with many other solutions.However, my only concern is the security... I have read many threads saying how it isn't likely to guess anyone's code(s), and whilst I agree it is highly unlikely, I feel it is far from impossible - and if this application becomes popular with hundreds of thousands, if not millions of users, we would be stupid to think that it wouldn't happen at least once.I feel this application will be a great replacement to pretty much the only alternative (Microsoft DirectAccess + DFS + Offline files), but, I am concerned about the security as there would be very sensitive data being replicated.Reading up on the protocol, is there a way of making this more "business grade", e.g. I could install a central tracker or get all clients to use known host only? (I realise that this will probably stop the local/lan exchange).In addition, if someone was to leave the company, I am guessing that there is no way to revoke access for that one person if they still have the key and host list?... So many solutions out there such as Dropbox have so many limitations when you scale that do not meet the needs of larger companies - and they become so overprices once you start adding a few users... Many companies like mine have a real need for good distributed file management and also own our own hardware infrastructure so it just seems silly to pay a company for hosting it, I would however gladly pay for a "private" version of Sync that ran on my own servers/easier user management e.t.c.Just wondering if there are any plans for this sort of thing in the future? Quote Link to comment Share on other sites More sharing options...
GreatMarko Posted June 22, 2013 Report Share Posted June 22, 2013 However, my only concern is the security... I have read many threads saying how it isn't likely to guess anyone's code(s), and whilst I agree it is highly unlikely, I feel it is far from impossible - and if this application becomes popular with hundreds of thousands, if not millions of users, we would be stupid to think that it wouldn't happen at least once.There are numerous threads already discussing security: 1 | 2 | 3 | 4 | 5Reading up on the protocol, is there a way of making this more "business grade", e.g. I could install a central tracker or get all clients to use known host only? (I realise that this will probably stop the local/lan exchange).The whole point of BitTorrent Sync is that it doesn't use/require a centralized server!! ...if you wish to run your own "pseudo-tracker", you can use the "predefined hosts" options that already exist in Sync to "get all clients to use known hosts only"In addition, if someone was to leave the company, I am guessing that there is no way to revoke access for that one person if they still have the key and host list?Correct! At present, you would have to re-issue a new secret in such instances as there is currently no way to "ban" or "revoke" specific hosts. (Feel free to suggest this in the "Wishlist" thread though, as it would certainly be a useful addition to Sync!)I would however gladly pay for a "private" version of Sync that ran on my own servers/easier user management e.t.c.Sync can already be made "private" - just disable the Relay, Tracker, DHT, auto-update options, etcFinally, do bear in mind the current "alpha" nature of BitTorrent Sync, it would be unwise to consider rolling out any software in "alpha" stage, especially if you intent to be syncing "very sensitive data". It'd be better to wait until Sync migrates out of its alpha/beta phases. Quote Link to comment Share on other sites More sharing options...
rdebath Posted June 23, 2013 Report Share Posted June 23, 2013 However, my only concern is the security... I have read many threads saying how it isn't likely to guess anyone's code(s), and whilst I agree it is highly unlikely, I feel it is far from impossible - and if this application becomes popular with hundreds of thousands, if not millions of users, we would be stupid to think that it wouldn't happen at least once.It's far more likely that you will be the only person to win an accumlator lottery using your mother's birthday from a ticket that you found in a cookie jar on your birthday then going home to find your house has been burnt to the ground after being struck by lightning, blown up in a gas explosion and demolished by two semis driving through it!Then meet a guy named Phil who used to have only one head. Quote Link to comment Share on other sites More sharing options...
kos13 Posted June 23, 2013 Report Share Posted June 23, 2013 Just wondering if there are any plans for this sort of thing in the future?We do have specific plans for Sync for business. This version of Sync will cover some of your concerns and will have features that is required by enterprises and SMB. At the moment Sync is pure consumer product that might be used in some business cases. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.