[2.0] encrypted attachment file names and FTP
MrPhil:
For security purposes (as well as preventing name collisions), attachment files receive a mangled name when uploaded. The problem with this is that the original extension is lost. When forum owners back up their forums, at least some FTP clients transfer them as ASCII (text) rather than binary, because they don't see any recognizable file extension. This ruins image, document, and other non-text files.
I would suggest that the original file extension (type) be kept on the mangled/encrypted file name, so that file backups won't be damaged by ASCII transfer. If this is too much of a security exposure, some arbitrary extension such as .gif or .doc could be attached to all attachment file names. At least, the file will be transferred in binary mode (hopefully, who knows about FileZilla).
I'm calling this a bug because it results in severe data loss and unhappy customers. I don't know if it applies to SMF 1.x too (is/was filename mangling optional?).
Yoshi:
Or add an unused file name, like .smf. Dunno how FZ will react to that though.
emanuele:
I'd call it a bug of the FTP client... :P
You cannot reliably use the original extension... because in certain cases files don't need to have an extension at all (i.e. unix-like OSs).
MrPhil:
So, if there's not a recognized file extension (type), and the FTP client chooses to transfer it in ASCII, it's the client's fault? No sale. Just stick .doc on the end and every client should know to transfer it in binary, which is always safe (if not always the desired end result). After all, the attachment is a document of some sort, right? The alternative is to figure out what it is and stick .doc or .txt on the end, but I think that's overkill.
Antechinus:
Which clients have you had this problem with? FWIW, I've never encountered it with FileZilla.
Whoops. Just checked again and I see what you mean. That's a bit of a nuisance. Should defo be fixed in 2.1, if not earlier.
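Added example, not part of the original thread and not SMF code: a Python sketch of the failure discussed above and a manifest check that detects it in a downloaded backup. The `attach_000N` names and file contents are constructed stand-ins for mangled attachment names, and the LF to CRLF translation is an assumed model of what an ASCII-mode download to a CRLF platform does.

```python
import hashlib

# Constructed sample data: extensionless names stand in for mangled attachment
# file names; contents are made up. The first starts with the PNG signature.
SERVER_FILES = {
    "attach_0001": b"\x89PNG\r\n\x1a\n" + bytes(range(256)) * 4,
    "attach_0002": b"%PDF-1.4\n" + bytes(range(255, -1, -1)) * 2,
    "attach_0003": b"plain notes without any line feed",
}

def ascii_mode_download(data: bytes) -> bytes:
    """Model an ASCII-mode transfer to a CRLF platform: each LF becomes CRLF."""
    return data.replace(b"\n", b"\r\n")

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_manifest(files: dict) -> dict:
    """Run where the originals live, before transfer: name -> (size, sha256)."""
    return {name: (len(data), digest(data)) for name, data in files.items()}

def check_backup(manifest: dict, backup: dict) -> dict:
    """Compare a downloaded backup against the manifest; return name -> verdict."""
    verdicts = {}
    for name, (size, sha) in manifest.items():
        data = backup.get(name)
        if data is None:
            verdicts[name] = "missing"
        elif digest(data) == sha:
            verdicts[name] = "ok"
        elif digest(data.replace(b"\r\n", b"\n")) == sha:
            # Undoing CRLF -> LF reproduces the original: text-mode translation.
            verdicts[name] = f"ascii-mode damage (+{len(data) - size} bytes)"
        else:
            verdicts[name] = "corrupt"
    return verdicts

if __name__ == "__main__":
    manifest = build_manifest(SERVER_FILES)
    backup = {n: ascii_mode_download(d) for n, d in SERVER_FILES.items()}
    backup["attach_0002"] = SERVER_FILES["attach_0002"]  # this one went binary
    for name, verdict in check_backup(manifest, backup).items():
        print(name, verdict)
```

A file with no LF byte passes through unchanged, so a backup can look fine on spot checks while other attachments in it are damaged.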