randall at randallreetz.com
Wed Sep 3 11:24:10 CDT 2008
This whole discussion makes me sad. What xtalk did for programming (in the era of applications) has not been done for the network (in the era of distributed logic and content). So we build applications... Lumbering dinosaurs we are. Sad. In both cases, it is the paradigm that is wrong, yet it is the user who suffers. It was easy enough to create a fix, a hack, to make application development accessible to the masses. But doing that for the network would be a herculean project. Reason? Humans still do for the net what what has been offloaded to compilers to do for apps.
From: "Bernard Devlin" <bdrunrev at gmail.com>
To: "How to use Revolution" <use-revolution at lists.runrev.com>
Sent: 9/3/2008 5:29 AM
Subject: Re: secure FTP
Securing FTP looks like it is going to be complex. I searched the archive
using Nabble and came up with this discussion from 2 years back:
Now, since both Dave Cragg and Dar Scott were involved (and both know more
about networking and security than I will probably ever know), it doesn't
look like there is any simple solution. In fact, I would think that Dar's
suggestion is probably not going to work with and would require you to
bundle addtional software with your app. (From
http://www.stunnel.org/faq/troubleshooting.html#ToC18 - stunnel is an ssl
wrapper, placed round calls to local ports and forwards them securely to a
FTP over Stunnel won't work I just can't get ftp to work over Stunnel no
matter how hard I try.
*Answer*: Stunnel cannot be used for the FTP daemon because of the nature of
the FTP protocol which utilizes multiple ports for data transfers. There are
SSL aware FTP servers available.
Alternitively you could use a different protocol. All versions of SSH
include a program called scp which works like rcp. Recent versions of
OpenSSH include a program called sftp which has an ftp-like feel.
It looks to me like the options are:
a) using a SSL compatible ftp server, then getting SSL to work with that
(unless there is some reason why Rev's SSL implementation wouldn't work with
that, but I doubt it since SSL applies at the socket level). This would
only work with some servers, but at least it would be a Rev-only solution
(but requires an enterprise license to get SSL). On the linux side it looks
like the major ftp servers (vsftpd, proftpd) support ssl. Of course, if you
are not in charge of the server, then you probably have no control over
which server is used or over whether or not ssl is enabled.
b) switching to using https and posting your data to a webserver. Requires
you to change how you handle stuff on the server, and would also have
security implications (you don't want people to be able to post files that
would replace e.g. .htaccess), but would also be a Rev-only solution
c) using an external program with your app (e.g. scp, sftp, curl), and
bundling the executable/libraries if necessary (i.e. they won't be available
with Windows by default - by default Vista even disables the telnet
client!). The server would obviously have to have compatible server
processes running with appropriate login permissions, and attendant security
issues (i.e. there is going to be a username capable of logging into a shell
on that server, and that will need additional consideration).
d) look into using webdav over https. Again may require server side
changes, and also has security issues as with b).
On Wed, Sep 3, 2008 at 9:46 AM, Jim Sims <sims at ezpzapps.com> wrote:
> I am looking for a way to upload files onto a server
> that is secure. I do not want my potential client
> to say "Hey! That will send passwords in the clear!!"
> I am looking for a method, using Rev, that can be implemented
> on OS X and Windows.
> use-revolution mailing list
> use-revolution at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your
> subscription preferences:
use-revolution mailing list
use-revolution at lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
More information about the use-livecode