Tulosta sivu - Images from FTP sites

Otsikko: Images from FTP sites
Kirjoitti: mrapples - maaliskuu 21, 2006, 02:29:58 AP

is there a reason why ftp is omitted as an accepted protocol for the img tag?

i have a user wanted to post images from his ftp, and i dont see any security rish there

thanks

Otsikko: Re: Images from FTP sites
Kirjoitti: Dannii - maaliskuu 21, 2006, 03:09:37 AP

I don't think you can actually link to FTP images directly.. I've never seen it done.

Otsikko: Re: Images from FTP sites
Kirjoitti: H - maaliskuu 21, 2006, 12:37:35 IP

Lainaus käyttäjältä: eldacar - maaliskuu 21, 2006, 03:09:37 AP
I don't think you can actually link to FTP images directly.. I've never seen it done.

Indeed. http / ftp protocols really don't mix mainly because of the FTP authentication ;)

If you own the server you could set up a low memory webserver such as lighttpd (http://www.lighttpd.net/) just to serve images from the ftp server

Otsikko: Re: Images from FTP sites
Kirjoitti: mrapples - maaliskuu 21, 2006, 12:58:45 IP

well, its not an issue of it working or not, you can directly link to images using the protocol, and i have it working, i just wanted to know if there was a security reason or something similar that it caused it to be left out

Otsikko: Re: Images from FTP sites
Kirjoitti: kegobeer - maaliskuu 21, 2006, 01:05:14 IP

I've never seen the FTP protocol used for serving images. Can you post a link using the FTP protocol?

Otsikko: Re: Images from FTP sites
Kirjoitti: mrapples - maaliskuu 21, 2006, 01:08:21 IP

certainly

http://www.whatsinyourbox.org/index.php/topic,2017.0.html

Otsikko: Re: Images from FTP sites
Kirjoitti: H - maaliskuu 21, 2006, 01:16:50 IP

wow. I thought all ftp links had to include the username and password (even for the anonymous user!)

Looks like I am wrong ;)

Otsikko: Re: Images from FTP sites
Kirjoitti: mrapples - maaliskuu 21, 2006, 01:22:02 IP

i believe in the server configuration you can specify if anonymous read transactions require a username and password, and i think write transactions always require authentication

Otsikko: Re: Images from FTP sites
Kirjoitti: kegobeer - maaliskuu 21, 2006, 01:24:50 IP

Most people do not allow completely anonymous FTP access to a site, especially without any type of username/password. This is the first time I've ever seen someone serving images using a file transfer protocol instead of a hypertext transfer protocol. I would suggest that the developers never thought anyone would actually use said protocol to serve files, images, etc, so it was omitted from the bbcode function.

I would strongly advise against using FTP to serve images. I was able to explore all of the files and directories hosted on the FTP account. It's usually not a good idea to let total strangers have complete read access to all of your directories. With HTTP, you have to guess at file names, and you can stop people from browsing the directory by uploading a blank index.html file.

Otsikko: Re: Images from FTP sites
Kirjoitti: mrapples - maaliskuu 21, 2006, 01:26:56 IP

i am aware of this, and i believe the user is as well

Otsikko: Re: Images from FTP sites
Kirjoitti: kegobeer - maaliskuu 21, 2006, 01:28:03 IP

You hacked the code to allow it, but I don't think it's something the developers will change in future releases.

Simple Machines Community Forum

Customizing SMF => SMF Coding Discussion => Aiheen aloitti: mrapples - maaliskuu 21, 2006, 02:29:58 AP