
FTP issues


daneth1712


Hi all,

I am currently facing some serious problems with a script and really need some advice before I am actually sick  :'(

To give you a brief overview of the situation, I have a script which is going to end up on someone's local PC (don't ask how or why, it's an extremely long story). The script will basically end up having all the connection details for someone to connect to my server via FTP. The script allows someone to connect to a folder and download a file from within that. What I have noticed is the script can obviously be edited by anyone (as the file is on their PC), so they can change the script to include commands like ftp_chdir or ftp_cdup, so I have set the permissions on the server to only allow a person access to a single directory.

What I don't know is (as there are some pretty smart PHP coders out there) if there is a way someone can bypass this limit and still manage to download other files from my server.

I am basically looking for some advice here on how I can secure this, even though I am fully aware that the process is not a very smart or secure one to start with.

Sorry if I am being a bit vague.  :-\

Link to comment
Share on other sites

You should have some kind of cPanel or such. Just make an FTP user and let them use that for authentication. You as root will have access to their folder and can put whatever file(s) you want into it. If the server is set up as most are, the user will be chroot jailed to their own folder. To see if your server is chroot jailed, FTP in and try to go up the folders past your own. If you can see other users' folders then you will have problems; if so, a better process would be to password protect a folder and let them use their browser.

HTH

Teamatomic

Link to comment
Share on other sites
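The check described in the reply above (log in with the restricted account and try to climb past its own folder), as an added example that is not part of the original thread, written in Python against the `ftplib` interface. `probe_jail` and `FakeFTP` are hypothetical names, and the two directory trees are constructed sample data so the block runs offline.

```python
import posixpath
from ftplib import Error  # base class of ftplib's protocol errors

def probe_jail(ftp, max_levels=16):
    """Climb upward from the login directory of a logged-in FTP session.

    `ftp` needs pwd(), cwd() and nlst(), as ftplib.FTP provides. Returns
    [(directory, entries), ...] for each directory reached above the login
    directory; an empty list means the account could not leave it.
    """
    start = current = ftp.pwd()
    above = []
    try:
        for _ in range(max_levels):
            try:
                ftp.cwd("..")
            except Error:
                break                    # server refused to go higher
            reached = ftp.pwd()
            if reached == current:
                break                    # already at the (virtual) root
            try:
                entries = sorted(ftp.nlst())
            except Error:
                entries = []             # listing denied or empty
            above.append((reached, entries))
            current = reached
    finally:
        ftp.cwd(start)                   # leave the session where it began
    return above

class FakeFTP:
    """Constructed stand-in for ftplib.FTP (hypothetical, offline only)."""
    def __init__(self, tree, login_dir):
        self.tree, self.here = tree, login_dir
    def pwd(self):
        return self.here
    def cwd(self, path):
        self.here = posixpath.dirname(self.here) if path == ".." else path
    def nlst(self):
        return list(self.tree.get(self.here, []))

# Constructed sample servers: one confined to its folder, one not.
JAILED = {"/": ["update.zip"]}
OPEN = {"/": ["etc", "home"], "/home": ["downloads", "alice"],
        "/home/downloads": ["update.zip"]}

if __name__ == "__main__":
    print(probe_jail(FakeFTP(JAILED, "/")))                # []
    print(probe_jail(FakeFTP(OPEN, "/home/downloads")))    # two levels exposed
    # Against a real server you own: ftp = ftplib.FTP(host); ftp.login(user, pw)
```

A non-empty result is the "you will have problems" case from the reply: the restricted account can see directories above its own.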

@ joel24 - yes, the users will be running an apache server locally.

I have FileZilla Server running on my server with read only permissions set on one folder which contains all the files I am allowing them to download.

My concerns are that someone will find a way of bypassing the server limits and gain access to other folders on the server. Especially as the connection files they will have full access to.

Link to comment
Share on other sites
