daneth1712 Posted January 10, 2010

Hi all, I am currently facing some serious problems with a script and really need some advice before I am actually sick :'(

To give you a brief overview of the situation, I have a script which is going to end up on someone's local PC (don't ask how or why, it's an extremely long story). The script will basically end up having all the connection details for someone to connect to my server via FTP. The script allows someone to connect to a folder and download a file from within that.

What I have noticed is the script can obviously be edited by anyone (as the file is on their PC), so they can change the script to include commands like ftp_chdir or ftp_cdup, so I have set the permissions on the server to only allow a person access to a single directory. What I don't know is (as there are some pretty smart PHP coders out there) if there is a way someone can bypass this limit and still manage to download other files from my server.

I am basically looking for some advice here on how I can secure this, even though I am fully aware that the process is not a very smart or secure one to start with. Sorry if I am being a bit vague. :-\

joel24 Posted January 10, 2010

So the user is running a web server (Apache etc.) on their computer and running this PHP script?

teamatomic Posted January 10, 2010

You should have some kind of cPanel or such. Just make an FTP user and let them use that for authentication. You as root will have access to their folder and can put whatever file(s) you want into it. If the server is set up as most are, the user will be chroot jailed to their own folder. To see if your server is chroot jailed, FTP in and try to go up the folders past your own. If you can see other users' folders then you will have problems; if so, a better process would be to password protect a folder and let them use their browser.

HTH
Teamatomic

daneth1712 Posted January 10, 2010

@joel24 - yes, the users will be running an Apache server locally. I have FileZilla Server running on my server with read-only permissions set on one folder which contains all the files I am allowing them to download. My concerns are that someone will find a way of bypassing the server limits and gain access to other folders on the server. Especially as the connection files they will have full access to.

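The check teamatomic describes (FTP in and try to go up past your own folder), combined with a test of the read-only setting, as an added PHP example that is not code from the thread. It assumes PHP's FTP extension is enabled and that the restricted account's password is supplied in an environment variable named here `FTP_AUDIT_PASS`; that variable and the function name `audit_ftp_account` are chosen for this example.

```php
<?php
// Added example, not from the thread: probe the restricted FTP account from outside.

// Returns a list of findings; an empty list means the account stayed contained.
function audit_ftp_account($ftp): array
{
    $findings = [];
    $listing = function () use ($ftp): array {
        $names = @ftp_nlist($ftp, '.') ?: [];
        sort($names);
        return $names;
    };
    $home = ftp_pwd($ftp);          // where the server puts this account at login
    $homeList = $listing();

    // Upward moves an edited client script could make with ftp_cdup()/ftp_chdir().
    foreach (['cdup', '..', '../..', '/'] as $step) {
        $ok = $step === 'cdup' ? @ftp_cdup($ftp) : @ftp_chdir($ftp, $step);
        // A jailed account is refused, or "moves" but still sees the same place.
        if ($ok && (ftp_pwd($ftp) !== $home || $listing() !== $homeList)) {
            $findings[] = "left login directory via '$step', now in " . ftp_pwd($ftp);
        }
        @ftp_chdir($ftp, $home);    // reset before the next probe
    }

    // A read-only account must refuse uploads; clean up if the server accepts one.
    $probe = 'audit-probe-' . bin2hex(random_bytes(4)) . '.txt';
    $data = fopen('php://memory', 'r+');
    fwrite($data, 'probe');
    rewind($data);
    if (@ftp_fput($ftp, $probe, $data, FTP_BINARY)) {
        $findings[] = "upload accepted ($probe), account is not read-only";
        @ftp_delete($ftp, $probe);
    }
    fclose($data);
    return $findings;
}

// Usage: FTP_AUDIT_PASS=... php audit.php <host> <user>   (against your own server)
if (PHP_SAPI === 'cli' && isset($argv[2])) {
    $ftp = @ftp_connect($argv[1]);
    if (!$ftp || !@ftp_login($ftp, $argv[2], (string) getenv('FTP_AUDIT_PASS'))) {
        fwrite(STDERR, "connect or login failed\n");
        exit(2);
    }
    ftp_pasv($ftp, true);
    $findings = audit_ftp_account($ftp);
    ftp_close($ftp);
    echo $findings ? implode("\n", $findings) . "\n" : "contained: no way up, no upload\n";
    exit($findings ? 1 : 0);
}
```

Run it with the same credentials that ship inside the distributed script, since those are the ones anyone holding the script can reuse with a different client.
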
Archived
This topic is now archived and is closed to further replies.