News:

SMF 2.1.4 has been released! Take it for a spin! Read more.

Main Menu

FTP to SFTP?

Started by kawajax, June 08, 2014, 02:45:30 PM

Previous topic - Next topic

kawajax

Is there any change make FTP To SFTP?
I mean "Change File Permissions" should be via SFTP instead FTP.
No one is in charge of your happiness, except you.
http://shareitservice.com/

Arantor

Not without a massive overhaul of the system. SFTP support is a huge thing to add and requires many more changes than just what seems obvious.

live627


kawajax

Quote from: live627 on June 09, 2014, 03:09:05 AM
SCP   >:D

How SCP resolve "Change File Permissions" FTP issue?
No one is in charge of your happiness, except you.
http://shareitservice.com/

Arantor

By fixing the underlying problem that is the entire package manager's behaviour in the first place.

kawajax

How to enable that SCP instead FTP in "Change File Permissions"?
No one is in charge of your happiness, except you.
http://shareitservice.com/

Arantor

Please, don't get into things you don't understand.

SCP is file copying over a secure connection, and complements the SFTP setup rather than supplements it. But none of that matters a damn when the entire setup is about editing files which is fundamentally insecure, fundamentally broken and totally the wrong way to do it.

The correct thing is to nuke the package manager and start over rather than grafting on ever more levels of things to break.

margarett

There isn't such option. Only FTP is supported.

What was being discussed is a "maybe in the future for next versions" possibility

Edit: Ninja'd :P
Se forem conduzir, não bebam. Se forem beber... CHAMEM-ME!!!! :D

QuoteOver 90% of all computer problems can be traced back to the interface between the keyboard and the chair

kawajax

Quote from: ‽ on June 13, 2014, 05:18:20 PM
Please, don't get into things you don't understand.

I'm sorry for sarcasm of my comments.

Quote from: margarett on June 13, 2014, 05:19:23 PM
There isn't such option. Only FTP is supported.

Yes, i know it.
That is reasons why i ask it, SFTP is more secure than FTP. And many ISP demand it, so FTP function not work in "Change File Permissions" case :(

btw. i'm data communications professional, so don't underestimate my knowledge.
No one is in charge of your happiness, except you.
http://shareitservice.com/

Arantor

That's kind of my original point: SCP won't fix your problems. Neither really will SFTP.

kawajax

Quote from: ‽ on June 13, 2014, 05:31:52 PM
That's kind of my original point: SCP won't fix your problems. Neither really will SFTP.

My "problem" is that SMF only support FTP, and my ISP demand SFTP (like many ISP in my country). SCP is not valid any case, because SCP is only for transfer, not for handling files.
No one is in charge of your happiness, except you.
http://shareitservice.com/

Arantor

And none of that solves your problem ANYWAY.

You can do what SMF does yourself through your file manager. All it's doing is escalating file permissions so Apache/PHP can write to the file. This is a terrible practice, it's known to be insecure (even if you put permissions back again after, not that most people do anyway) and the entire thing needs to be ripped out entirely.

kawajax

Quote from: ‽ on June 13, 2014, 05:43:47 PM
And none of that solves your problem ANYWAY.

You can do what SMF does yourself through your file manager. All it's doing is escalating file permissions so Apache/PHP can write to the file. This is a terrible practice, it's known to be insecure (even if you put permissions back again after, not that most people do anyway) and the entire thing needs to be ripped out entirely.

Why there is in SMF this kind of options:
No one is in charge of your happiness, except you.
http://shareitservice.com/

Arantor

Because SMF's package manager is outdated and stupid.

kawajax

Quote from: ‽ on June 13, 2014, 05:50:36 PM
Because SMF's package manager is outdated and stupid.

Thanks for info.
No one is in charge of your happiness, except you.
http://shareitservice.com/

Kindred

On the one hand, smf package manager has some potential issues...   On the other hand, what it does, allowing mods to edit code if fundamentally more configurable than any other system that I can think of...   Of course, it has the downside of being fundamentally more exploitable as well, if someone can get into the system...

As for FTP versus sftp, just set your file permissions correctly for file edits... Apply the mod... And then set them back to secure...  There will be no need for FTP or sftp.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Arantor

It's also so much more brittle as evidenced by the number of people that have parse issues with various mods. Fix the structure to not need edits and everyone lives a happier and more fruitful life out of it.

As for FTP vs SFTP all you're doing is what SMF would itself be doing, and that's still insecure too even if you secure it, unless the mod doesn't add any of its own files.

Kindred

Yup... Powerful but brittle, because  it does assume that mod authors know what they are doing...   Which is a poor assumption in many cases, I will grant you...

But wait.,,   How is it insecure if I go back through and set all my files to 444?
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Arantor

Who owns the files? That's the key to it.

If you're letting apache2/nobody/www-data write files that are new files, THAT will be the file owner is way too many cases. At which point 444 is irrelevant because apache2/nobody/www-data can come along and chmod its own files.

This is why chown needs to be sorted out, which is why you pretty much need to enforce chownership at file creation which can't be done in normal PHP. Ironically it *can* be done in FTP but only if you upload via FTP rather than just fudging permissions.

Kindred

Ah. I understand now... Hmmmmm....
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Advertisement: