FTP from iOS but getting tsneterr: (67) Access denied: 530

Richard Gaskin ambassador at fourthworld.com
Sun May 28 13:47:10 EDT 2017


Sannyasin Brahmanathaswami wrote:

 > If using
 > sftp://username:password@mydomain/sompath/somefile.ext
 > is the user name and password "sniffable"
 >
 > I am under the impression it is not as SFTP encrypts *before* sending
 > out the pipe.
 >
 > Is that understanding correct?

Yes, that's the key benefit of SFTP and FTPS over the older FTP, since 
the latter is effectively handing control of you server over to any 
man-in-the-middle.

FTPS works similarly to HTTPS, and requires an SSL certificate on the 
server.  SFTP uses SSH, and does not requires a cert.  The differences 
are summarized here:
<https://www.howtogeek.com/194740/what-is-the-difference-between-ftps-and-sftp/>

But either will establish a secure channel with the server before 
negotiating login.

One challenge with either is that unless you use shared SSH keys with 
SFTP (suitable only for admin tasks), they require embedding login 
credentials in code.  LC's script encryption isn't bad, but it's 
generally good practice to avoid embedded passwords whenever practical 
(everything is crackable, sometimes we forget to encrypt a stack, etc.).

Given that, and the general inefficiency of FTP for cases where you just 
want to move data from client to server, more commonly that need is 
addressed with an HTTP API on the server, which can be done with any 
server process that allows scripting, including PHP, Perl, Python, 
JavaScript, or a LiveCode Server CGI, as described here:
<http://lessons.livecode.com/m/4070/l/40708-how-to-upload-a-file-with-livecode-server>

FTP is great for ad hoc access to server files, like when you need to 
navigate among files, etc.  But there are better tools for most other 
use-cases, like rsync and scp for admin tasks and HTTP for most 
non-admin tasks.

-- 
  Richard Gaskin
  Fourth World Systems
  Software Design and Development for the Desktop, Mobile, and the Web
  ____________________________________________________________________
  Ambassador at FourthWorld.com                http://www.FourthWorld.com




More information about the Use-livecode mailing list