FTP Information not stored once you enter it into ACP.

Started by kyleL, April 14, 2010, 07:32:53 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions

kyleL

April 14, 2010, 07:32:53 PM Last Edit: April 20, 2010, 12:11:28 AM by Norv

         
    • Version(s) of SMF: 2.0 RC3
    • Your Setup:
    • List any Modifications you have installed
    • ezportal
    • SMFgallery
    • recaptcha
  • List any Themes you have installed

         
    • Zap
  • List any non-English Language packs you have installed

         
    • Japanese
  • Are you using UTF-8? Not sure, was using latin1 before the 1.1.11-2.0 upgrade
  • Any other related information?

  • Server Software:

         
    • Apache/IIS version?: 2.2.15
    • PHP version?: 5.2.13
    • Database type and version: MySQL 5.0.9
    • Any other related server information? cPanel build 44718
  • Where the Error Occurred: When you enter the FTP details into the ACP, it connects, but it will not save the information, so you have to reenter it every time, for themes, and mods.

         
    • File: Not in a file
    • Line: No line
    • Any relevant errors in the SMF error log (if so please post them)?: None
  • How to Reproduce this Error?:

    • Go to ACP >Theme or Package management > Do an action that requires FTP access > once connection established, and action complete, do a different action that requires FTP access.

Quote from: confusion on April 14, 2010, 07:53:48 AM
I can't let the irony pass by unchallenged...  You are looking to have a forum where you host cracked software - which is a willful violation of the license agreement for that software, and yet you are concerned about the subtleties of the SMF license to ensure you don't stray from it?

My Site: Thought For Food Come on down!

Norv

#1
April 18, 2010, 05:10:44 PM
Thank you for taking the time to report this.

Personally, I don't think it's a bug. Instead, I would do the same (not store them) for security reasons. Every user credentials stored on the server mean more probability for spreading a problem like a hack or anything (when there is one).
Please note that a user's FTP account typically allows access to more than the forum directory: to everything they have in their hosting space. Including other sites, including (perhaps) other directories which are not even sites, but applications, logs, documents, anything. *IF* a SMF site or another site on your server gets hacked, there is a possibility the infection does not spread outside their directory. While if FTP credentials are also saved around there, or at their reach, this would allow for more probability that the attacker is able to grab them, thus everything in user's FTP account would be risked.

Not my call (the devs should decide on every bug), but I'm just explaining to you that, and why, I would not solve this... Sorry.
To-do lists are for deferral. The more things you write down the later they're done... until you have 100s of lists of things you don't do.

File a security report | Developers' Blog | Bug Tracker

Also known as Norv on D* | Norv N. on G+ | Norv on Github
Print
Go Up Pages1
User actions
Advertisement: