Solved

Secure FTP connection, All browsers!!!

Posted on 2004-08-20
9
167 Views
Last Modified: 2010-04-06
Hello,

I need some advice.
I am building a web application in php.I work for a graphic design company. This application is a front end for a Image library. All the image files will be stored on a ftp server. I need a way to link to the files but not display ftp user/pass. What i am doing now is creating a pop-up which loads a php page which redirects to the ftp file (ftp://user:pass@ftp.domain.com:21/test.doc). This only works in some browsers:

IE- opens pop-up and save as dialog at same time, does not allow focus of pop-up until save as is clicked, and then pop-up close's (impossible to view source and see address)

netscape- opens pop-up and save as dialog, but displays link in netscape download manager.

Does anyone know of a way I can stop users from seeing the ftp user/pass?

If you need clarification on anything please ask
0
Comment
Question by:91mustang
9 Comments
 
LVL 2

Expert Comment

by:ryangclear
ID: 11860727
Wouldn't it be easier to do this with SQL queries and more secure? Server side stripping.
0
 
LVL 4

Author Comment

by:91mustang
ID: 11860920
Could you explain?
0
 
LVL 36

Expert Comment

by:Zyloch
ID: 11862427
ryan, you mean storing the image links inside a database?
0
 
LVL 4

Author Comment

by:91mustang
ID: 11863730
>>Zyloch

Thats what I am doing, but I still have to give the user the link to click on?, What I need is way to hide the password.
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 48

Expert Comment

by:hernst42
ID: 11864592
Why should the user download the image via ftp, he could also download it via http:// and your application. Instead of redirecting the user to the ftp://-URL redirect the user to a page which downloads the images. If you have the problem that the picture is shown in the browser you can modify the headers to show a save dialog for that file. e.g:

header("Content-Disposition: attachment; filename=\"$filename\"");
0
 
LVL 4

Author Comment

by:91mustang
ID: 11864597
The files are photshop and illustratot files. Most files are 800mb +. http is not an option. We need ftp for speed.
0
 
LVL 48

Accepted Solution

by:
hernst42 earned 125 total points
ID: 11864714
I just tried it and HTTP was faster than FTP:
A file of 322106KB took via ftp ~ 90 sec, via raw http it took ~ 67 seconds and via http and php it took as long as ftp ~ 90 sec

Both files have been downloaded via Mozilla 1.7 on an Windows-box (server is a linux-server, apache 1.3 for http and pure-ftpd for ftp) with a 100MBit-full switched network

The files was delivered in php:
header("Content-Disposition: attachment; filename=\"$filename\"");
header("Content-Length: " . filesize($filename));
$fp = fopen($filename, 'rb');
fpassthru($fp);
0
 
LVL 4

Author Comment

by:91mustang
ID: 11864739
interesting, I will give it a try at work tommorow, thanks for the info!!
0
 
LVL 3

Expert Comment

by:gnudiff
ID: 11892397
Side note.

In my around 7-8 years experience, HTTP downloads for some reason indeed have always been faster than FTP downloads from the same server, regardless of the server. I would guess that FTP protocol adds some overhead with its usage of 2 connections (control + data ).
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

There are two main kinds of selectors in CSS: One is base selector like h1, h2, body, table or any existing HTML tags.  For instance, the following rule sets all paragraphs (<p> elements) to red: (CODE) CSS also allows us to define our own custom …
This article covers the basics of the Sass, which is a CSS extension language. You will learn about variables, mixins, and nesting.
The viewer will learn how to count occurrences of each item in an array.
HTML5 has deprecated a few of the older ways of showing media as well as offering up a new way to create games and animations. Audio, video, and canvas are just a few of the adjustments made between XHTML and HTML5. As we learned in our last micr…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now