Client-Server File Sharing

About this model

Client-server file sharing is the most traditional Internet-based file sharing model, covering everything from simple single-page web sites to complex e-commerce systems. If the data to be distributed resides in one central location (whether a single machine or a cluster of machines), and users who want the information must go to that location, the central location is called the "server" and the users who want the information are called "clients." On the surface, this model resembles the system-native model because a user goes to another computer for information. However, the system-native model is used on people's workstations -- computers where other functions like office work are the primary purpose, and file sharing is secondary. In most client-server setups, the server is a dedicated computer whose entire purpose is to distribute files -- or, depending on the size of the operation, a huge group of computers. Nearly all the major online information and e-commerce services (sites such as Amazon.com, eBay, Yahoo, MSN, and more) follow the client-server file sharing model. On a smaller scale, most campus services (such as NetFiles, Express Email, Illinois Compass, and Banner) also follow the client-server file sharing model.

Benefits and risks

Client-server file sharing has both unique benefits and unique risks.

Benefits of client-to-server file sharing

Central administration and security: Both for system administrators and for system users, the client-server model of file sharing means that there's only one system (or group of systems) responsible for the data distribution, and usually a professional system administrator (or team of administrators) deals with the security issues.

Unlike system-native file sharing, where every user needs to be his or her own security officer and set file permissions on every share, client-side users typically don't have to change any security settings in order to access files on the server or post files for distribution from the server. The security design is taken care of by the server's administrators. Users simply need to make sure their connection to the server is secure, by using encryption methods such as SSL, SSH, and the like. Then the server sends the files (applications, web pages, etc.) over the secure connection to the client who wants the information.

NetFiles, Express Email, Illinois Compass, Banner, and many more server-based file and data sharing services automatically require users to make secure connections. If you're using any of these systems, you've already taken care of the encryption you need, because you aren't allowed to connect without it. The encryption ability may be built into your web browser, your email client, or another piece of software required for access.

Risks of client-server file sharing

Single target for attacks: Because a client-server model transfers most of the security responsibilities to the central server, most of the security risks focus on the server as well. If a password database is compromised, or if a file is infected with a virus, security problems can arise for the users who store their passwords in the database or download infected files. In addition, the client-server file sharing model is more vulnerable to denial-of-service attacks. Since everyone knows that the data comes from the central system, attackers can overload the system with fake requests for information and slow the system to a halt.

Not all systems are well secured: Although many systems require the use of encryption to protect your password and your communications with the server, not all systems are designed this way. Some web sites store passwords unencrypted, send them to you in unprotected email for your records, or simply assume that security isn't required. For example, many chat, blog, forum, and other noncommercial sites assume that since no money is changing hands, password security isn't as important as it would be to a bank or online store. If you reuse passwords in more than one location, a compromise of a forum password can make your other accounts vulnerable.

More information

For more information about protecting your computer, see How to Secure Client-Server File Sharing.