File transfer questions

Forum Moderators: phranque

Message Too Old, No Replies

File transfer questions

Client doens't want to use FTP to transfer files

jennifer

7:05 pm on Feb 5, 2003 (gmt 0)

One of my clients has his site located on a server hosted by his brother-in-law (ok, yet another problem). I believe that it is an NT server. His brother-in-law does not like FTP. He states that "it displays the password in plain text" and is concerned about security. The brother-in-law claimed that I could use any program that uses front page extensions to load files on the site or also use server side includes as an alternative to FTP.

Since I've only used FTP to set up sites I have a few questions that I hope one of the more knowledgeable people here can answer:
1) Is the password displayed in plain text with FTP...and if so, why do all the other web hosting companies I work with use FTP for loading/downloading files.
2) Does anyone know if Dreamweaver supports front page extensions.
3) Is it possible to use server side includes (wouldn't I still need access to the server?)and if so how would I use server side includes instead of FTP?

Thanks

andreasfriedrich

7:16 pm on Feb 5, 2003 (gmt 0)

#1
Just like HTTP or SMTP FTP does use clear text passwords. scp uses ssh to copy the files over an encrypted connection and uses all authentication methods that may be used by ssh as well. I believe putty which is a Windows ssh client will provide a form of scp.

#3
SSI will not help indeed. You still need a way to transfer files to the server.

HTH Andreas

Dreamquick

7:23 pm on Feb 5, 2003 (gmt 0)

I can really see FP being any more than FTP to be honest (although I'm open to being corrected).

andreas was right when he said that to perform a secure transfer you need a kind of SSH "wrapper" around your connection for which Putty provides some really sweet client-side tools, however you also need software on the server which supports secure transfers which is the major reason why there are so few off-the-shelf implementations of this & why so few webhosts support it...

- Tony

lorax

7:27 pm on Feb 5, 2003 (gmt 0)

LOL - *sorry*

Dreamweaver does not support FP Extensions that I'm aware of.

To get around FTP you could write script to upload the files but then you'd need a way to upload the script in the first place. :)

Take the B.I.L. outback and give him a good thrashing. FTP is the industry standard for transferring files.

BTW - FP Extensions has it's own security issues which are far more likely to be exploited (IMHO):

[archive.infoworld.com...]

[msdn.microsoft.com...]

Backgrounder: [rtr.com...]

jennifer

9:41 pm on Feb 5, 2003 (gmt 0)

Thanks for the extremely quick responses. Nothing like client's in-laws to make life more "interesting".

Now all I have to do is craft a gently response to my client.

Macguru

10:06 pm on Feb 5, 2003 (gmt 0)

>>Now all I have to do is craft a gently response to my client.

I am really interested to know about your response.

I would go by : Driving a nail using a hammer in soft wood cost 1 cent per nail in labour. We would like to borrow your brother in law as a hammer to know if he competes as a mediaval screwdriver at driving nails. ;)

lorax

2:05 am on Feb 6, 2003 (gmt 0)

Jennifer,
In our neck of the woods (you're about a 120 minute drive down I89 from me), it's hard to find a client who's family isn't somehow giving them advice on technology. ;)

I know high school students who've put up web servers. That doesn't make them experts on security or on web servers. The best webserver admin is the one who acknowledges thier weaknesses and does something about them. Like hire someone who is an expert on security.

The point is, go ahead and punch a few holes in the argument but be ready to back up what you say. Do your homework. If I were in your shoes (it's easy to comment from afar) I'd be ready to walk away if they insist on doing the job with such ridiculous restrictions.

JayCee

3:41 am on Feb 6, 2003 (gmt 0)

The latest version of WS_FTP Pro supports SSL (Secure Socket Layers), so you could have the BIL set up SSL on the server and be pretty secure *and* use FTP.

I usually use WS_FTP Pro without the SSL, but have one client who wants to protect their server logs (which I analyze for them) and it has worked well downloading those through their SSL.

jennifer

2:40 pm on Feb 6, 2003 (gmt 0)

Thanks for all the info.

Macguru: I took the information that you folks kindly provided, pointed out that FTP was THE industry standard to my client and that his brother-in-law could set up SSL on his server if he wanted more security. Of course that would entail his B.I.L adding more software to the server....and I have a strong hunch that the B.I.L.'s technical skills are a bit weak.

End result, B.I.L has agreed to add FTP to the server.

Lorax: Unfortunately, the client (and the brother-in-law) is located in Dallas; a bit of a trek to have a one-on-one discussion with him (and yes, I was extremely tempted). If they were located a bit closer it would be a lot easier. I suspect that everyone has a family member that offers advice on technology - whether they know anyting or not.