Sign in to follow this  
Followers 0
fi3ldy

Hiding FTP Details in script? Upload using PHP as alternative?

7 posts in this topic

#1 ·  Posted (edited)

Im current using the FTP.au3 submitted on the form (sorry cant remember who by)....

$ftpserver = "server"

$ftpuser = "user"

$ftppass = "pass"

$Open = _FTPOpen('ftp')

$Conn = _FTPConnect($Open, $ftpserver, $ftpuser, $ftppass)

So i have my username, password and server variables set to connect to the FTP, it all goes well and the files upload!.....

The thing im unsure about is its security, i simply packetsniffed my application, after 1 upload, i looked at the packetsniff results and found the server, username and password to my FTP in plain text, no problem..is there any way to protect this information from packsniffers??

Uploading via PHP seems a better idea, using GET, anybody got any examples on how to upload via php, could u use INetGet? (I can code PHP well, btw :D)

Thanks alot for reading and any help would be appriciated!

:P

Edited by fi3ldy

Share this post


Link to post
Share on other sites



Using php alone will not help with security. Might be able to set up a ssl connection.

It's a ftp thing.

If you want to continue using ftp you will need to set up a vpn between the computers. You will still be able to sniff the packets on the end computers.

Or if you can move to the sftp. It's part of the ssh package.

Hopefully this helps a bit.

Share this post


Link to post
Share on other sites

you should check out smoke_n's EncodeIt in scripts and scraps. it will help obfuscate the literal strings you're worried about displaying.


1100111 00001011101111 00011101101111 00010111100100 00001111110100 00110111110010 00101101111001 0011100i didn't make up this form of encryption, but i like it.credit to the lvl 6 challenge on arcanum.co.nz

Share this post


Link to post
Share on other sites

you should check out smoke_n's EncodeIt in scripts and scraps. it will help obfuscate the literal strings you're worried about displaying.

aint gonna help you to avoid the clear text userid/password issue that you have with FTP, unless Secure ftp is supported...

Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

Share this post


Link to post
Share on other sites

aint gonna help you to avoid the clear text userid/password issue that you have with FTP, unless Secure ftp is supported...

i didn't read clearly enough, totally my mistake; i thought the OP was wary about the details being readable in the code. My apologies, and i stand corrected

1100111 00001011101111 00011101101111 00010111100100 00001111110100 00110111110010 00101101111001 0011100i didn't make up this form of encryption, but i like it.credit to the lvl 6 challenge on arcanum.co.nz

Share this post


Link to post
Share on other sites

thanks for the replies, im not too sure what you mean by unless "secure ftp is supported"..by this you mean server side, yto the server im uploading to?!?!?!

Share this post


Link to post
Share on other sites

Yes the server would have to support it. You would use the sftp commant on the client side. A way to test it out is ssh yourusername@ipaddress.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0