[thelist] Windows program to upload via FTP without disclosing password

Joel Lieberman joel_lieberman at yahoo.com
Sun Feb 17 07:12:00 CST 2002


Hi Ken -

Maybe I'm missing somthing, but why not set up
anonymous FTP with permissions only for one folder.
That way no passwords are needed, but access is denied
to any other file system nodes.

Another solution that I use when I need a client to
access a database with *special* privileges that
depend on passwords (and I don't want to carry the
administrative overhead of allowing the client to
directly log in to the server) is to use a small Perl
server or other listener to broker the needed tasks or
transactions.  I specifically use this for FTP on my
Oracle servers so that no one ever has login or FTP
privileges of any kind, yet they can upload files to a
directory (they don't even know where it is) at the
push of a button.

Joel Lieberman
--- Ken Kogler <ken at kenkogler.com> wrote:
> Never heard of a client-side solution for something
> like this, but in
> the past when I've been in this situation, I create
> a password-protected
> page for the client and write an upload script that
> uses the <form> to
> post the data to the server.
>
> Implementation depends on the server and the code
> you use. I use ASP on
> IIS5. Mail me off list if you know ASP and want some
> help with it.
> Google can also show you a few hundred tutorials too
> many.
>
> -kenkogler
>
> -----Original Message-----
> From: thelist-admin at lists.evolt.org
> [mailto:thelist-admin at lists.evolt.org] On Behalf Of
> Andy Warwick
> Sent: Saturday, February 16, 2002 12:05 PM
> To: thelist at lists.evolt.org
> Subject: [thelist] Windows program to upload via FTP
> without disclosing
> password
>
>
> Hi
>
> I'm after a solution for Windows PCs that will allow
> a client to upload
> - via
> FTP - images (JPEGs) into a specific folder on my
> web server without
> disclosing
> the login name or password.
>
> In an ideal world, the user would prepare the images
> to the correct dpi
> and
> compression, then drop them onto the program icon,
> which would then log
> onto the
> FTP server and upload the files.
>
> What prevents me using a standard FTP client is that
> I want some way to
> conceal
> the login and password from the user, so that he
> can't access other
> folders on
> the server other than the folder 'hard-coded' into
> the program. (I'm not
> in a
> position to simply set up an FTP account that serves
> only the individual
> folder.)
>
> I've got a solution working on the Mac with
> Applescript, in the form of
> a
> read-only droplet with embedded login and password,
> but need something
> similar
> for the Windows platform.
>
> Any ideas?
>
> TIA
>
> Andy W
>
> <tip type="Auto-include external PHP files"
> name"Andy Warwick">
>
> If you like to keep your PHP code in a different
> file to your HTML, you
> can use
> the PHP "auto-prepend" file with the following piece
> of code to
> auto-include the
> files without thinking about it, or having any PHP
> code in the HTML to
> confuse
> your fellow coders.
>
> Place the following code in your PHP
> auto_prepend_file (which you set in
> the
> php.ini file and gets added to every file served -
> see
> http://www.php.net/manual/en/configuration.php), set
> apache to have PHP
> parse
> files ending in .htm, and name any file you want
> auto-including with the
> same
> filename as your HTMl file, save for a .php
> extension, placing it in the
> same
> directory as the HTMl file, thus:
>
>     public_html
>     --- example.htm
>     --- example.php
>
> The file example.php will be auto-included in the
> file example.htm
> without any
> visibile PHP code in the HTML file, as that's hidden
> in the auto_include
> file.
>
> --- code for auto_include file ---
>
> $include_file = ereg_replace ( '\.[a-zA-Z0-9_]+$',
> '.php', "$PHP_SELF" )
> ;
>
> $include_file = substr ( "$include_file", '1',
> strlen ( "$include_file"
> ) ) ;
>
> if ( file_exists ( $include_file ) )
> {
>     include_once ( $include_file ) ;
> }
>
> --- end ---
>
> The code simply finds the file's extension, replaces
> it with '.php', and
> if a
> file with that name exists in the include path,
> auto-includes it.
>
> Caveat: parsing all your HTML files in this manner
> will slow your server
> down a
> fraction, so you might want to check the hit before
> using on a
> high-volume site.
>
> </tip>
> --
> For unsubscribe and other options, including
> the Tip Harvester and archive of thelist go to:
> http://lists.evolt.org Workers of the Web, evolt !
>
> --
> For unsubscribe and other options, including
> the Tip Harvester and archive of thelist go to:
> http://lists.evolt.org Workers of the Web, evolt !


__________________________________________________
Do You Yahoo!?
Yahoo! Sports - Coverage of the 2002 Olympic Games
http://sports.yahoo.com



More information about the thelist mailing list