Questions about security and confidentiality

James Murty-3 wrote:

The only way to allow clients to store encrypted data in S3 in such a way
that administrators cannot read it, is to provide some kind of application
the client can run on his/her own machine to do this work.

If you don't trust your admins, there is little point encrypting a user's
files on your own server because admins will have simply be able to access
to the data there, rather than from S3 directly. Encrypting the data on your
server would protect it from the Amazon admins who maintain S3, but not from
your own server admins.

A custom client app would allow your clients to automatically encrypt data
prior to uploading, and to decrypt it when downloading. This app could also
be designed to interact with your server component to obtain signed URLs to
gain access to S3.

The problem is, such an app doesn't exist as far as I know. The combination
of JetS3t's CockpitLite and Gatekeeper applications comes close, but
CockpitLite does not do any encryption.

Hope this helps,
James

---
http://www.jamesmurty.com


On Tue, May 26, 2009 at 9:24 PM, MarkAtHarvest <mark@harvestinfotech.com>wrote:

>
> My jets3t client is working fine, current I am trying to upgrade it to DEV
> Pay account. I would like to ask if I can get little bit guidance on
> following
>
> I am using Amazon Dev Pay, then so as that an evil administrator is not
> able
> to see the S3 files of customers, what exactly do I need to do
> 1. can be to encrypt all the files stored in S3.
>   The problem I see with that approach is,
>   *. I cannot use Amazon HTTP Post to directly upload files on S3, without
> going through my server.
>   *. I cannot use createSignedGetUrl(), to create signed URLs to expose
> links for a temporary time, as the files need to be brought to my sever
> before user can download it.
>
> Is there a way I can solve the above two problems..
>
> --
> View this message in context:
> http://www.nabble.com/Questions-about-security-and-confidentiality-tp23735783p23735783.html
> Sent from the JetS3t Users mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@jets3t.dev.java.net
> For additional commands, e-mail: users-help@jets3t.dev.java.net
>
>

Jonathan Harlap wrote:

Mark,

I suspect one source of confusion for you is the claim of HIPAA compliance.
Firstly, AWS itself is not HIPAA compliant nor does it try to be.  The
whitepaper in question discusses some of the strategies that might be used
by AWS customers to build HIPAA compliant systems that run on the AWS cloud.

As to crypto, high security, and so on - I don't find your need very clear,
so I can't offer any specific advice other than to say that crypto is a very
tricky thing to do right, and a very easy thing to do wrong, so for your
clients' sake, do it carefully.  For a fun example of how the little details
make a difference, see http://www.codinghorror.com/blog/archives/001267.htmland
http://www.codinghorror.com/blog/archives/001268.html

Cheers,
J

On Wed, May 27, 2009 at 8:47 AM, MarkAtHarvest <mark@harvestinfotech.com>wrote:

>
> Thank you for clearing my doubt!
> But I see white papers saying Amazon AWS is HIPAA compliant, which is a
> stringent security standard.
> The confusion I have is
> 1. I have a webcient build on JetS3 application,soon be adding a DevPay
> support.
> 2. I also want to sync S3 files on EC2 using something like Subcloud and
> provide access to the data
> on clients windows explorer using SAMBA.
>
> Now if I do not encrypt, and use ACL to control access on the S3, so that
> only the respective client has an access to it.
> Subcloud will not be able to import the data , if it does not have
> permission, or it will be able to import the data using secret key.
>
> As per what you say, I need to keep that secretKey really secret and only
> one Admin can know it and there should be policies to access that key.
>
> So all the S3 products out there in market who use S3, administrator do
> have
> a access to data, which might be controlled by some measures. So how can be
> claim high security compliance
>
> Thanks for addressing this question, I am not able to get a clean head path
> on it
>
>
>
> Now is that acceptable in terms of Secu
>
>
>
> James Murty-3 wrote:
> >
> > The only way to allow clients to store encrypted data in S3 in such a way
> > that administrators cannot read it, is to provide some kind of
> application
> > the client can run on his/her own machine to do this work.
> >
> > If you don't trust your admins, there is little point encrypting a user's
> > files on your own server because admins will have simply be able to
> access
> > to the data there, rather than from S3 directly. Encrypting the data on
> > your
> > server would protect it from the Amazon admins who maintain S3, but not
> > from
> > your own server admins.
> >
> > A custom client app would allow your clients to automatically encrypt
> data
> > prior to uploading, and to decrypt it when downloading. This app could
> > also
> > be designed to interact with your server component to obtain signed URLs
> > to
> > gain access to S3.
> >
> > The problem is, such an app doesn't exist as far as I know. The
> > combination
> > of JetS3t's CockpitLite and Gatekeeper applications comes close, but
> > CockpitLite does not do any encryption.
> >
> > Hope this helps,
> > James
> >
> > ---
> > http://www.jamesmurty.com
> >
> >
> > On Tue, May 26, 2009 at 9:24 PM, MarkAtHarvest
> > <mark@harvestinfotech.com>wrote:
> >
> >>
> >> My jets3t client is working fine, current I am trying to upgrade it to
> >> DEV
> >> Pay account. I would like to ask if I can get little bit guidance on
> >> following
> >>
> >> I am using Amazon Dev Pay, then so as that an evil administrator is not
> >> able
> >> to see the S3 files of customers, what exactly do I need to do
> >> 1. can be to encrypt all the files stored in S3.
> >>   The problem I see with that approach is,
> >>   *. I cannot use Amazon HTTP Post to directly upload files on S3,
> >> without
> >> going through my server.
> >>   *. I cannot use createSignedGetUrl(), to create signed URLs to expose
> >> links for a temporary time, as the files need to be brought to my sever
> >> before user can download it.
> >>
> >> Is there a way I can solve the above two problems..
> >>
> >> --
> >> View this message in context:
> >>
> http://www.nabble.com/Questions-about-security-and-confidentiality-tp23735783p23735783.html
> >> Sent from the JetS3t Users mailing list archive at Nabble.com.
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@jets3t.dev.java.net
> >> For additional commands, e-mail: users-help@jets3t.dev.java.net
> >>
> >>
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/Questions-about-security-and-confidentiality-tp23735783p23741804.html
> Sent from the JetS3t Users mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@jets3t.dev.java.net
> For additional commands, e-mail: users-help@jets3t.dev.java.net
>
>

Jonathan Harlap wrote:

Hi Mark,

First off, I'm leaving aside what I think is an obvious issue you'll need to
resolve about the two access methods conflicting (ie, users manipulating the
same data via your web app and smb simultaneously).  James already mentioned
it and it's a property of your apparent design not of the AWS services.

What strikes me as particularly interesting your statement that S3 will be
mounted in an EC2 instance to provide smb access.  If you're doing that,
couldn't you just as well put your data in an EBS volume, mount that to your
EC2 instance for smb access and *also* have your web app interact with the
data which now appears to exist on a local mount point?  Then S3 (as an API)
is out of the picture entirely and you have what sounds like a simpler
problem to solve.  I put that aside now as well, as it's more a question of
your design than anything S3 specific, which was the purpose of the
question, I believe.

S3 signed urls are not related to jets3t, although jets3t does facilitate
their creation.  However, I interpret your question to say that you lose the
ability to point user's web browsers directly at a signed url, and this
would be correct if you encrypt the data in S3.  If you encrypt the data you
store, then you will need to provide a client (whether it be a web app or a
thick client) that will perform the encryption/decryption for your clients.

Unfortunately, I don't think anyone outside your business can really answer
the questions you're posing beyond what has already been said.  We don't
know what your application does.  We can't tell you whether to encrypt your
data and, if so, how, nor how to adapt your app design accordingly.

Good luck with your project.

Cheers,
Jonathan


On Wed, May 27, 2009 at 1:58 PM, MarkAtHarvest <mark@harvestinfotech.com>wrote:

>
> Thanks Jonathan for the interesting links.
>
> My requirement is very simple, just want to build a application based on S3
> where I can store customers data, and give them a guarantee that your data
> is safe and secure, while at move and while at rest.
> 1. My JetS3t Web application will access the data for the customer as well
> as
> 2. S3 will get mounted on EC2 for a SAMBA access.
>
> Data while at move can be protected with SSL, I am more concerned with data
> while at rest, also about accessKey, SecretKey, TokenIDs.
>
> Questions which arise are
> 1. Do i need to encrypt the S3 data for such type of situations (If I
> encrypt, then i loose the JetS3t features like getSignedUrl, which creates
> a
> link to open the file directly from S3 instead of coming to our servers)
> 2. what are must must things I need to do.
>
> Thanks again for your inputs
>
>
>
>
>
>
>
> Jonathan Harlap wrote:
> >
> > Mark,
> >
> > I suspect one source of confusion for you is the claim of HIPAA
> > compliance.
> > Firstly, AWS itself is not HIPAA compliant nor does it try to be.  The
> > whitepaper in question discusses some of the strategies that might be
> used
> > by AWS customers to build HIPAA compliant systems that run on the AWS
> > cloud.
> >
> > As to crypto, high security, and so on - I don't find your need very
> > clear,
> > so I can't offer any specific advice other than to say that crypto is a
> > very
> > tricky thing to do right, and a very easy thing to do wrong, so for your
> > clients' sake, do it carefully.  For a fun example of how the little
> > details
> > make a difference, see
> > http://www.codinghorror.com/blog/archives/001267.htmland
> > http://www.codinghorror.com/blog/archives/001268.html
> >
> > Cheers,
> > J
> >
> > On Wed, May 27, 2009 at 8:47 AM, MarkAtHarvest
> > <mark@harvestinfotech.com>wrote:
> >
> >>
> >> Thank you for clearing my doubt!
> >> But I see white papers saying Amazon AWS is HIPAA compliant, which is a
> >> stringent security standard.
> >> The confusion I have is
> >> 1. I have a webcient build on JetS3 application,soon be adding a DevPay
> >> support.
> >> 2. I also want to sync S3 files on EC2 using something like Subcloud and
> >> provide access to the data
> >> on clients windows explorer using SAMBA.
> >>
> >> Now if I do not encrypt, and use ACL to control access on the S3, so
> that
> >> only the respective client has an access to it.
> >> Subcloud will not be able to import the data , if it does not have
> >> permission, or it will be able to import the data using secret key.
> >>
> >> As per what you say, I need to keep that secretKey really secret and
> only
> >> one Admin can know it and there should be policies to access that key.
> >>
> >> So all the S3 products out there in market who use S3, administrator do
> >> have
> >> a access to data, which might be controlled by some measures. So how can
> >> be
> >> claim high security compliance
> >>
> >> Thanks for addressing this question, I am not able to get a clean head
> >> path
> >> on it
> >>
> >>
> >>
> >> Now is that acceptable in terms of Secu
> >>
> >>
> >>
> >> James Murty-3 wrote:
> >> >
> >> > The only way to allow clients to store encrypted data in S3 in such a
> >> way
> >> > that administrators cannot read it, is to provide some kind of
> >> application
> >> > the client can run on his/her own machine to do this work.
> >> >
> >> > If you don't trust your admins, there is little point encrypting a
> >> user's
> >> > files on your own server because admins will have simply be able to
> >> access
> >> > to the data there, rather than from S3 directly. Encrypting the data
> on
> >> > your
> >> > server would protect it from the Amazon admins who maintain S3, but
> not
> >> > from
> >> > your own server admins.
> >> >
> >> > A custom client app would allow your clients to automatically encrypt
> >> data
> >> > prior to uploading, and to decrypt it when downloading. This app could
> >> > also
> >> > be designed to interact with your server component to obtain signed
> >> URLs
> >> > to
> >> > gain access to S3.
> >> >
> >> > The problem is, such an app doesn't exist as far as I know. The
> >> > combination
> >> > of JetS3t's CockpitLite and Gatekeeper applications comes close, but
> >> > CockpitLite does not do any encryption.
> >> >
> >> > Hope this helps,
> >> > James
> >> >
> >> > ---
> >> > http://www.jamesmurty.com
> >> >
> >> >
> >> > On Tue, May 26, 2009 at 9:24 PM, MarkAtHarvest
> >> > <mark@harvestinfotech.com>wrote:
> >> >
> >> >>
> >> >> My jets3t client is working fine, current I am trying to upgrade it
> to
> >> >> DEV
> >> >> Pay account. I would like to ask if I can get little bit guidance on
> >> >> following
> >> >>
> >> >> I am using Amazon Dev Pay, then so as that an evil administrator is
> >> not
> >> >> able
> >> >> to see the S3 files of customers, what exactly do I need to do
> >> >> 1. can be to encrypt all the files stored in S3.
> >> >>   The problem I see with that approach is,
> >> >>   *. I cannot use Amazon HTTP Post to directly upload files on S3,
> >> >> without
> >> >> going through my server.
> >> >>   *. I cannot use createSignedGetUrl(), to create signed URLs to
> >> expose
> >> >> links for a temporary time, as the files need to be brought to my
> >> sever
> >> >> before user can download it.
> >> >>
> >> >> Is there a way I can solve the above two problems..
> >> >>
> >> >> --
> >> >> View this message in context:
> >> >>
> >>
> http://www.nabble.com/Questions-about-security-and-confidentiality-tp23735783p23735783.html
> >> >> Sent from the JetS3t Users mailing list archive at Nabble.com.
> >> >>
> >> >>
> >> >> ---------------------------------------------------------------------
> >> >> To unsubscribe, e-mail: users-unsubscribe@jets3t.dev.java.net
> >> >> For additional commands, e-mail: users-help@jets3t.dev.java.net
> >> >>
> >> >>
> >> >
> >> >
> >>
> >> --
> >> View this message in context:
> >>
> http://www.nabble.com/Questions-about-security-and-confidentiality-tp23735783p23741804.html
> >> Sent from the JetS3t Users mailing list archive at Nabble.com.
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@jets3t.dev.java.net
> >> For additional commands, e-mail: users-help@jets3t.dev.java.net
> >>
> >>
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/Questions-about-security-and-confidentiality-tp23735783p23747665.html
> Sent from the JetS3t Users mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@jets3t.dev.java.net
> For additional commands, e-mail: users-help@jets3t.dev.java.net
>
>

James Murty-3 wrote:

Mark, to make your objectives achievable I think you need to simplify things
as much as you can. You say that your requirements are simple, but I don't
think they are.

Here are some things you need to think about:

- If you want to protect your customer's data "at rest" from Amazon staff,
or from your AWS account being compromised, you must encrypt the data. You
have no choice, even though it makes everything more complicated.

- If you encrypt data, you need to decide where the encryption/decryption
will take place.
* You get the most security if client-side software does this, in which case
no-one but your clients can read the data. However the clients then need to
deal with the complexity of installing/managing software, and you need to
provide this software.
* If you want to provide web access to the data without any client-side
software, you will need to encrypt/decrypt on your server. This is less
secure but more user-friendly. You will also need to trust your admins.

- Trying to have multiple access points for writing to the same storage
space is a bad idea. Only do this if you will have some very smart
software/processes to manage (or avoid) data writing collisions, or if the
Cloudfront and JetS3t components use completely different S3 buckets. This
isn't an issue of compatibility between Cloudfront and JetS3t

- Providing SAMBA access to S3 objects sounds very difficult indeed. Are you
going to cache all or some of your S3 objects on an EC2 instance to make it
available via SAMBA? If not, how will you mediate between the SAMBA server
on EC2 and your S3 storage? If so, how and where will you handle
encryption/decryption of the data?

- Jon's comment on using EC2's Elastic Block Store drives is worth
considering.

James

On Wed, May 27, 2009 at 1:40 PM, MarkAtHarvest <mark@harvestinfotech.com>wrote:

>
> Thank you Jonathan , James.
> I think I need to work more on IT Standards which acceptable. Will comeback
> on it
>
> About dual access, I need to use S3, I am very comfortable with it, rather
> than going for a new solution. I think with Subcloud I can use Jets3t (need
> to confirm on it though)
>
>
>
> Jonathan Harlap wrote:
> >
> > Hi Mark,
> >
> > First off, I'm leaving aside what I think is an obvious issue you'll need
> > to
> > resolve about the two access methods conflicting (ie, users manipulating
> > the
> > same data via your web app and smb simultaneously).  James already
> > mentioned
> > it and it's a property of your apparent design not of the AWS services.
> >
> > What strikes me as particularly interesting your statement that S3 will
> be
> > mounted in an EC2 instance to provide smb access.  If you're doing that,
> > couldn't you just as well put your data in an EBS volume, mount that to
> > your
> > EC2 instance for smb access and *also* have your web app interact with
> the
> > data which now appears to exist on a local mount point?  Then S3 (as an
> > API)
> > is out of the picture entirely and you have what sounds like a simpler
> > problem to solve.  I put that aside now as well, as it's more a question
> > of
> > your design than anything S3 specific, which was the purpose of the
> > question, I believe.
> >
> > S3 signed urls are not related to jets3t, although jets3t does facilitate
> > their creation.  However, I interpret your question to say that you lose
> > the
> > ability to point user's web browsers directly at a signed url, and this
> > would be correct if you encrypt the data in S3.  If you encrypt the data
> > you
> > store, then you will need to provide a client (whether it be a web app or
> > a
> > thick client) that will perform the encryption/decryption for your
> > clients.
> >
> > Unfortunately, I don't think anyone outside your business can really
> > answer
> > the questions you're posing beyond what has already been said.  We don't
> > know what your application does.  We can't tell you whether to encrypt
> > your
> > data and, if so, how, nor how to adapt your app design accordingly.
> >
> > Good luck with your project.
> >
> > Cheers,
> > Jonathan
> >
> >
> > On Wed, May 27, 2009 at 1:58 PM, MarkAtHarvest
> > <mark@harvestinfotech.com>wrote:
> >
> >>
> >> Thanks Jonathan for the interesting links.
> >>
> >> My requirement is very simple, just want to build a application based on
> >> S3
> >> where I can store customers data, and give them a guarantee that your
> >> data
> >> is safe and secure, while at move and while at rest.
> >> 1. My JetS3t Web application will access the data for the customer as
> >> well
> >> as
> >> 2. S3 will get mounted on EC2 for a SAMBA access.
> >>
> >> Data while at move can be protected with SSL, I am more concerned with
> >> data
> >> while at rest, also about accessKey, SecretKey, TokenIDs.
> >>
> >> Questions which arise are
> >> 1. Do i need to encrypt the S3 data for such type of situations (If I
> >> encrypt, then i loose the JetS3t features like getSignedUrl, which
> >> creates
> >> a
> >> link to open the file directly from S3 instead of coming to our servers)
> >> 2. what are must must things I need to do.
> >>
> >> Thanks again for your inputs
> >>
> >>
> >>
> >>
> >>
> >>
> >>
> >> Jonathan Harlap wrote:
> >> >
> >> > Mark,
> >> >
> >> > I suspect one source of confusion for you is the claim of HIPAA
> >> > compliance.
> >> > Firstly, AWS itself is not HIPAA compliant nor does it try to be.  The
> >> > whitepaper in question discusses some of the strategies that might be
> >> used
> >> > by AWS customers to build HIPAA compliant systems that run on the AWS
> >> > cloud.
> >> >
> >> > As to crypto, high security, and so on - I don't find your need very
> >> > clear,
> >> > so I can't offer any specific advice other than to say that crypto is
> a
> >> > very
> >> > tricky thing to do right, and a very easy thing to do wrong, so for
> >> your
> >> > clients' sake, do it carefully.  For a fun example of how the little
> >> > details
> >> > make a difference, see
> >> > http://www.codinghorror.com/blog/archives/001267.htmland
> >> > http://www.codinghorror.com/blog/archives/001268.html
> >> >
> >> > Cheers,
> >> > J
> >> >
> >> > On Wed, May 27, 2009 at 8:47 AM, MarkAtHarvest
> >> > <mark@harvestinfotech.com>wrote:
> >> >
> >> >>
> >> >> Thank you for clearing my doubt!
> >> >> But I see white papers saying Amazon AWS is HIPAA compliant, which is
> >> a
> >> >> stringent security standard.
> >> >> The confusion I have is
> >> >> 1. I have a webcient build on JetS3 application,soon be adding a
> >> DevPay
> >> >> support.
> >> >> 2. I also want to sync S3 files on EC2 using something like Subcloud
> >> and
> >> >> provide access to the data
> >> >> on clients windows explorer using SAMBA.
> >> >>
> >> >> Now if I do not encrypt, and use ACL to control access on the S3, so
> >> that
> >> >> only the respective client has an access to it.
> >> >> Subcloud will not be able to import the data , if it does not have
> >> >> permission, or it will be able to import the data using secret key.
> >> >>
> >> >> As per what you say, I need to keep that secretKey really secret and
> >> only
> >> >> one Admin can know it and there should be policies to access that
> key.
> >> >>
> >> >> So all the S3 products out there in market who use S3, administrator
> >> do
> >> >> have
> >> >> a access to data, which might be controlled by some measures. So how
> >> can
> >> >> be
> >> >> claim high security compliance
> >> >>
> >> >> Thanks for addressing this question, I am not able to get a clean
> head
> >> >> path
> >> >> on it
> >> >>
> >> >>
> >> >>
> >> >> Now is that acceptable in terms of Secu
> >> >>
> >> >>
> >> >>
> >> >> James Murty-3 wrote:
> >> >> >
> >> >> > The only way to allow clients to store encrypted data in S3 in such
> >> a
> >> >> way
> >> >> > that administrators cannot read it, is to provide some kind of
> >> >> application
> >> >> > the client can run on his/her own machine to do this work.
> >> >> >
> >> >> > If you don't trust your admins, there is little point encrypting a
> >> >> user's
> >> >> > files on your own server because admins will have simply be able to
> >> >> access
> >> >> > to the data there, rather than from S3 directly. Encrypting the
> data
> >> on
> >> >> > your
> >> >> > server would protect it from the Amazon admins who maintain S3, but
> >> not
> >> >> > from
> >> >> > your own server admins.
> >> >> >
> >> >> > A custom client app would allow your clients to automatically
> >> encrypt
> >> >> data
> >> >> > prior to uploading, and to decrypt it when downloading. This app
> >> could
> >> >> > also
> >> >> > be designed to interact with your server component to obtain signed
> >> >> URLs
> >> >> > to
> >> >> > gain access to S3.
> >> >> >
> >> >> > The problem is, such an app doesn't exist as far as I know. The
> >> >> > combination
> >> >> > of JetS3t's CockpitLite and Gatekeeper applications comes close,
> but
> >> >> > CockpitLite does not do any encryption.
> >> >> >
> >> >> > Hope this helps,
> >> >> > James
> >> >> >
> >> >> > ---
> >> >> > http://www.jamesmurty.com
> >> >> >
> >> >> >
> >> >> > On Tue, May 26, 2009 at 9:24 PM, MarkAtHarvest
> >> >> > <mark@harvestinfotech.com>wrote:
> >> >> >
> >> >> >>
> >> >> >> My jets3t client is working fine, current I am trying to upgrade
> it
> >> to
> >> >> >> DEV
> >> >> >> Pay account. I would like to ask if I can get little bit guidance
> >> on
> >> >> >> following
> >> >> >>
> >> >> >> I am using Amazon Dev Pay, then so as that an evil administrator
> is
> >> >> not
> >> >> >> able
> >> >> >> to see the S3 files of customers, what exactly do I need to do
> >> >> >> 1. can be to encrypt all the files stored in S3.
> >> >> >>   The problem I see with that approach is,
> >> >> >>   *. I cannot use Amazon HTTP Post to directly upload files on S3,
> >> >> >> without
> >> >> >> going through my server.
> >> >> >>   *. I cannot use createSignedGetUrl(), to create signed URLs to
> >> >> expose
> >> >> >> links for a temporary time, as the files need to be brought to my
> >> >> sever
> >> >> >> before user can download it.
> >> >> >>
> >> >> >> Is there a way I can solve the above two problems..
> >> >> >>
> >> >> >> --
> >> >> >> View this message in context:
> >> >> >>
> >> >>
> >>
> http://www.nabble.com/Questions-about-security-and-confidentiality-tp23735783p23735783.html
> >> >> >> Sent from the JetS3t Users mailing list archive at Nabble.com.
> >> >> >>
> >> >> >>
> >> >> >>
> >> ---------------------------------------------------------------------
> >> >> >> To unsubscribe, e-mail: users-unsubscribe@jets3t.dev.java.net
> >> >> >> For additional commands, e-mail: users-help@jets3t.dev.java.net
> >> >> >>
> >> >> >>
> >> >> >
> >> >> >
> >> >>
> >> >> --
> >> >> View this message in context:
> >> >>
> >>
> http://www.nabble.com/Questions-about-security-and-confidentiality-tp23735783p23741804.html
> >> >> Sent from the JetS3t Users mailing list archive at Nabble.com.
> >> >>
> >> >>
> >> >> ---------------------------------------------------------------------
> >> >> To unsubscribe, e-mail: users-unsubscribe@jets3t.dev.java.net
> >> >> For additional commands, e-mail: users-help@jets3t.dev.java.net
> >> >>
> >> >>
> >> >
> >> >
> >>
> >> --
> >> View this message in context:
> >>
> http://www.nabble.com/Questions-about-security-and-confidentiality-tp23735783p23747665.html
> >> Sent from the JetS3t Users mailing list archive at Nabble.com.
> >>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: users-unsubscribe@jets3t.dev.java.net
> >> For additional commands, e-mail: users-help@jets3t.dev.java.net
> >>
> >>
> >
> >
>
> --
> View this message in context:
> http://www.nabble.com/Questions-about-security-and-confidentiality-tp23735783p23750391.html
> Sent from the JetS3t Users mailing list archive at Nabble.com.
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@jets3t.dev.java.net
> For additional commands, e-mail: users-help@jets3t.dev.java.net
>
>