Security Implications?

Please post here if you have problems in using Wing FTP Server.
Post a reply

Security Implications?

Postby juberish » Tue Oct 19, 2010 11:02 pm

I'm playing with the FTP and just realized that there's a tool for providing direct links for file downloads.

I'm concerned about the security implications of this, we have a credential based system and SSL certs, is this all for not since the files are apparently available to the outside via direct link anyway?? I was expecting the link to prompt you for a username and password, but this is not the case, clicking the link will directly prompt you to download the file.

If anyone has any information or advice regarding the security implications of this feature, it would be appreciated.
juberish
 
posts 2
 
joined Mon Oct 18, 2010 9:58 pm
Top

Re: Security Implications?

Postby jbwjbw » Sat Nov 13, 2010 9:14 pm

juberish wrote:I'm playing with the FTP and just realized that there's a tool for providing direct links for file downloads.

I'm concerned about the security implications of this, we have a credential based system and SSL certs, is this all for not since the files are apparently available to the outside via direct link anyway?? I was expecting the link to prompt you for a username and password, but this is not the case, clicking the link will directly prompt you to download the file.

If anyone has any information or advice regarding the security implications of this feature, it would be appreciated.


I was wondering the same thing.
jbwjbw
 
posts 11
 
joined Thu Nov 04, 2010 8:30 pm
Top

Re: Security Implications?

Postby FTP » Mon Nov 15, 2010 8:38 am

Do you mean HTTP download link? HTTP download link is designed for downloading by external download-tool (like flashget), not for file sharing. So that link will be available when user logged in, when he logout, it won't be available any more.
FTP
Site Admin
 
posts 1134
 
joined Tue Sep 29, 2009 6:09 am
Top

Re: Security Implications?

Postby jbwjbw » Thu Nov 18, 2010 7:31 pm

FTP wrote:Do you mean HTTP download link? HTTP download link is designed for downloading by external download-tool (like flashget), not for file sharing. So that link will be available when user logged in, when he logout, it won't be available any more.


That does make more sense, I had not tested logging out and seeing what it did, duhhh.

It would be nice to have something similar to this but that prompts for login/password then downloads the file.

- Justin
jbwjbw
 
posts 11
 
joined Thu Nov 04, 2010 8:30 pm
Top

Re: Security Implications?

Postby Ataman » Mon Nov 29, 2010 1:12 pm

Can i use the direct link (to download file) withouth loging in to the system?
if not, is there an option to download file without user and pass?
or like in Flashget to enter user & Pass for every download (like Rapidshare).

Thanks.
Ataman
 
posts 1
 
joined Mon Nov 29, 2010 1:05 pm
Top

Re: Security Implications?

Postby FTP » Mon Nov 29, 2010 2:35 pm

Ataman wrote:Can i use the direct link (to download file) withouth loging in to the system?
if not, is there an option to download file without user and pass?
or like in Flashget to enter user & Pass for every download (like Rapidshare).

Thanks.


Wing FTP Server do not support direct link, you can use ftp link with user/pass to download your files, like: ftp://user:pass@YourIP/download/file
FTP
Site Admin
 
posts 1134
 
joined Tue Sep 29, 2009 6:09 am
Top
Post a reply

Return to Support

Who is online

Users browsing this forum: Google [Bot] and 2 guests

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group