I am supposed to make a module that does sftp to third parties. Users put in their credentials and we connect and dump files on their servers. It seems like a terrible idea. We don’t administer those computers or define anything about their security. We don’t know if they are entering third party credentials or handling data according to our TOS. Can’t we just send them a presigned link by email on a schedule or something?

In what will you write it? Should it work on Linux and Windows or is it a web app? Who owns the servers?

@retoor Node in a container. After we do a routine job it sends the output to a customer server that they configure.

Configured on a web application. We have like 150000 customers that could use it. Some could be people that are connecting it to a windows XP machine for all we know. We don’t know if they are making us send it to a third party.

Previously we sent a link to the supplied email and they had to use oauth to get to the download.