RE: Cool CGI File Uploading

This is a pretty neat idea, but what is wrong with FTP?

This may be a perl site, but I can see only one case where you wouldn't want to use FTP to transfer files: port 21 is unavailable to you.

What advantages does this have over using already established and reasonably secure standards for transferring files?

This also seems a lot like security by obscurity. You are using a port only YOU know, right? Well anyone with a port scanner and a grudge can find out anything. Trust me.

I am not being cruel, but I'm just adding a SysAdmin's point of view. I don't like rolling my own solution when standard solutions work so well.

Subscribe to lwall's virtue of laziness. It will save you time and energy.

J. J. Horner
Linux, Perl, Apache, Stronghold, Unix
jhorner@knoxlug.org http://www.knoxlug.org/

Comment on RE: Cool CGI File Uploading

Replies are listed 'Best First'.
RE: RE: Cool CGI File Uploading by gaggio (Friar) on Jun 23, 2000 at 19:45 UTC
You mentionned it: port 21 is not available to me everywhere. At work, I have only two or three ports open. Also, FTP is not as secure, since it requires sending your password over the network. As for the port scanner dealy, well, you did not read well what I wrote: you leave your litte file server running 10 seconds - the time to upload the file(s) - and then you shut it down. It is very unlikely that somebody will connect to your machine and mess around with it during that time!	[reply]
RE: RE: RE: Cool CGI File Uploading by tenatious (Beadle) on Jun 23, 2000 at 20:29 UTC
The point of your original post seemed to be that this would make it somehow easier to update a site. Does it? Let's go through the steps for each. Your way (if I understand you correctly) Start up mini-ftp server Open big-honking browser that can handle multipart encoding Go to URL with file input field click browse, navigate, and select ortype the filename click go (or have it upload onChange or something equally silly) Shut down mini-ftp server Using ftp from command line change to directory where file resides ftp to your server Enter username, password put file quit Frankly I don't see a great deal of time saved or a huge improvement in useability. Although it is clever, it seems like it might just be easier and quicker to ftp (or sftp, or scp). And although the risk is slight from a security stand point, it does make me curious whether you've ever forgot to turn out the lights.	[reply]
RE: RE: RE: RE: Cool CGI File Uploading by Anonymous Monk on Jun 23, 2000 at 21:21 UTC
Oh, and I almost forgot the most important: my machine at work is NOT registered in the DNS, so it is totally impossible to ftp to my university, because the servers there check for DNS registration. So... when FTP is completely unavailable, the purpose is more obvious!!!	[reply]
RE: RE: RE: RE: Cool CGI File Uploading by Anonymous Monk on Jun 23, 2000 at 21:18 UTC
Well, I'm sorry, but no. I have to disagree with that. First, you have to remember that this file input field is integrated in the update form along with the other update input (text fields), making it a unique updating application to use. Now, if you don't have my "live" update CGI, you have to use on top of that the ftp transfer, which, as you describe it, has several steps. For the little server, there is only one click to launch it, and one click to kill it. Speedwise, I'm telling you, the file transfer is faster than ftp. Turning the lights off? You won't forget that since there is an application running that takes room on your desktop. And again, there is no unencrypted password transfered, especially the one of your whole unix account: Security is better than ftp. BTW, there is no need for multipart encoding to use a textfield. I am not using CGI.pm, I have no need for it.	[reply]
RE: RE: RE: RE: RE: Cool CGI File Uploading by jjhorner (Hermit) on Jun 23, 2000 at 21:31 UTC
RE: RE: Cool CGI File Uploading by Aighearach (Initiate) on Jun 24, 2000 at 14:37 UTC
I use FTP to transfer files to/from work that I don't want to add to CVS. Sometimes I am on my home computer connecting to the ftp server at work, sometimes I have already telneted to work, and so it is simpler to just ftp to my home computer. Well, my ISP has had abusers sharing accounts with all their friends, so they started blocking all the ports < 1024. So, I just run ftp on port 10021. It's rather painless to type `ftp aighearach.homeip.net 10021` instead of just `ftp aigherach.homeip.net`. (oh yeah, telnet is port 5050, login guest... ;) Paris Sinclair \| 4a75737420416e6f74686572 pariss@efn.org \| 205065726c204861636b6572 I wear my Geek Code on my finger.	[reply]