Secure FTP connection, All browsers!!!

Hello,

I need some advice.
I am building a web application in php.I work for a graphic design company. This application is a front end for a Image library. All the image files will be stored on a ftp server. I need a way to link to the files but not display ftp user/pass. What i am doing now is creating a pop-up which loads a php page which redirects to the ftp file (ftp://user:pass@ftp.domain.com:21/test.doc). This only works in some browsers:

IE- opens pop-up and save as dialog at same time, does not allow focus of pop-up until save as is clicked, and then pop-up close's (impossible to view source and see address)

netscape- opens pop-up and save as dialog, but displays link in netscape download manager.

Does anyone know of a way I can stop users from seeing the ftp user/pass?

If you need clarification on anything please ask
LVL 4
91mustangAsked:
Who is Participating?
 
hernst42Connect With a Mentor Commented:
I just tried it and HTTP was faster than FTP:
A file of 322106KB took via ftp ~ 90 sec, via raw http it took ~ 67 seconds and via http and php it took as long as ftp ~ 90 sec

Both files have been downloaded via Mozilla 1.7 on an Windows-box (server is a linux-server, apache 1.3 for http and pure-ftpd for ftp) with a 100MBit-full switched network

The files was delivered in php:
header("Content-Disposition: attachment; filename=\"$filename\"");
header("Content-Length: " . filesize($filename));
$fp = fopen($filename, 'rb');
fpassthru($fp);
0
 
ryangclearCommented:
Wouldn't it be easier to do this with SQL queries and more secure? Server side stripping.
0
 
91mustangAuthor Commented:
Could you explain?
0
Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
ZylochCommented:
ryan, you mean storing the image links inside a database?
0
 
91mustangAuthor Commented:
>>Zyloch

Thats what I am doing, but I still have to give the user the link to click on?, What I need is way to hide the password.
0
 
hernst42Commented:
Why should the user download the image via ftp, he could also download it via http:// and your application. Instead of redirecting the user to the ftp://-URL redirect the user to a page which downloads the images. If you have the problem that the picture is shown in the browser you can modify the headers to show a save dialog for that file. e.g:

header("Content-Disposition: attachment; filename=\"$filename\"");
0
 
91mustangAuthor Commented:
The files are photshop and illustratot files. Most files are 800mb +. http is not an option. We need ftp for speed.
0
 
91mustangAuthor Commented:
interesting, I will give it a try at work tommorow, thanks for the info!!
0
 
gnudiffCommented:
Side note.

In my around 7-8 years experience, HTTP downloads for some reason indeed have always been faster than FTP downloads from the same server, regardless of the server. I would guess that FTP protocol adds some overhead with its usage of 2 connections (control + data ).
0
All Courses

From novice to tech pro — start learning today.