Page 1 of 1

Security Implications?

Posted: Tue Oct 19, 2010 11:02 pm
by juberish
I'm playing with the FTP and just realized that there's a tool for providing direct links for file downloads.

I'm concerned about the security implications of this, we have a credential based system and SSL certs, is this all for not since the files are apparently available to the outside via direct link anyway?? I was expecting the link to prompt you for a username and password, but this is not the case, clicking the link will directly prompt you to download the file.

If anyone has any information or advice regarding the security implications of this feature, it would be appreciated.

Re: Security Implications?

Posted: Sat Nov 13, 2010 9:14 pm
by jbwjbw
juberish wrote:I'm playing with the FTP and just realized that there's a tool for providing direct links for file downloads.

I'm concerned about the security implications of this, we have a credential based system and SSL certs, is this all for not since the files are apparently available to the outside via direct link anyway?? I was expecting the link to prompt you for a username and password, but this is not the case, clicking the link will directly prompt you to download the file.

If anyone has any information or advice regarding the security implications of this feature, it would be appreciated.
I was wondering the same thing.

Re: Security Implications?

Posted: Mon Nov 15, 2010 8:38 am
by FTP
Do you mean HTTP download link? HTTP download link is designed for downloading by external download-tool (like flashget), not for file sharing. So that link will be available when user logged in, when he logout, it won't be available any more.

Re: Security Implications?

Posted: Thu Nov 18, 2010 7:31 pm
by jbwjbw
FTP wrote:Do you mean HTTP download link? HTTP download link is designed for downloading by external download-tool (like flashget), not for file sharing. So that link will be available when user logged in, when he logout, it won't be available any more.
That does make more sense, I had not tested logging out and seeing what it did, duhhh.

It would be nice to have something similar to this but that prompts for login/password then downloads the file.

- Justin

Re: Security Implications?

Posted: Mon Nov 29, 2010 1:12 pm
by Ataman
Can i use the direct link (to download file) withouth loging in to the system?
if not, is there an option to download file without user and pass?
or like in Flashget to enter user & Pass for every download (like Rapidshare).

Thanks.

Re: Security Implications?

Posted: Mon Nov 29, 2010 2:35 pm
by FTP
Ataman wrote:Can i use the direct link (to download file) withouth loging in to the system?
if not, is there an option to download file without user and pass?
or like in Flashget to enter user & Pass for every download (like Rapidshare).

Thanks.
Wing FTP Server do not support direct link, you can use ftp link with user/pass to download your files, like: ftp://user:pass@YourIP/download/file