Sign in to follow this  
Followers 0
PcExpert

Safe way to store files

26 posts in this topic

#1 ·  Posted (edited)

Hi all,

How to safely store file on a webserver? it currently saved as plain text wich is very unsafe ofcourse. Maybe MYSQL?

Thanks!

Edited by PcExpert

Share this post


Link to post
Share on other sites



#2 ·  Posted (edited)

Hallo !

Why not run your favourite file encryption util on the the text file first ?

Or use the AutoIt builtin encryption ?

wim

edit: Trouwens, je titel: save=bewaar, safe=veilig :)

Edited by whim

Share this post


Link to post
Share on other sites

#4 ·  Posted (edited)

The script itself is clientside, the files are on serverside. Communication is done by inetget and ftp commands.

Edited by PcExpert

Share this post


Link to post
Share on other sites

How would I download it as administrator, by ftp?

Share this post


Link to post
Share on other sites

Wich password, the one from the ftp server?

Share this post


Link to post
Share on other sites

Thanks! But just in case somebody finds a way to see the script source, will my login details for the ftp server be safe, or can it be read?

Share this post


Link to post
Share on other sites

Someone?

Share this post


Link to post
Share on other sites

So you are planning on distributing this script? In that case, no, your details are not entirely safe. The compiling process does do a decent job of mixing stuff up and making a script hard to read if it were to be decompiled, which as I understand is only nearly impossible, not completely impossible, but it's still possible. As near as I can figure there isn't really any simple way to safely transfer data back and forth over the internet.

Share this post


Link to post
Share on other sites

#13 ·  Posted (edited)

Can my script source be read by a debugger like ollydbg? and yes, i'm wanting to distribute it, but only if my FTP user and password cannot be read.

Edited by PcExpert

Share this post


Link to post
Share on other sites

when you login to the FTP server, you send your username and password over tcp. This is very easy for someone else to read. If you're going to distribute your script, I would use SSL for sending your password and username.

Share this post


Link to post
Share on other sites

#15 ·  Posted (edited)

Is there maybe another way? SSL isnt included in my hosting package. The hosting company says that if I want SSL I need to buy a dedicated server. Wich isnt cheap. Thanks!

Edited by PcExpert

Share this post


Link to post
Share on other sites

As I understand it the files are not stored on a webserver?

you could create a folder and remove all rights, then upload and download your files as administrator.

when you login to the FTP server, you send your username and password over tcp. This is very easy for someone else to read. If you're going to distribute your script, I would use SSL for sending your password and username.

That is right kip. And it is why your first advice is absolutely and truly stupid in my mind.

At least create an restricted account that only have rights on/in the particular folder in use. How secure you can make it depends on the server side software (including the ftp server, but not excluding any other software).

Share this post


Link to post
Share on other sites

#17 ·  Posted (edited)

OK, so I made another FTP user now, with restricted access. But the problem is the following: The username is NewUser@mydomain.com

So the full syntax would be NewUser@mydomain.com@mydomain.com . but autoit doesnt seems to handle the username well. When I try this:

InetGet("ftp://NewUser@mydomain.com@mydomain.com/directory/test.txt")

it doesnt work. This is probably because of the @ in the username. How to solve it?

/EDIT:

Does autoit support SFTP (FTP over SSL) ?

Edited by PcExpert

Share this post


Link to post
Share on other sites

#18 ·  Posted (edited)

dont you need a password for FTP? username:password@domain.com

And it is why your first advice is absolutely and truly stupid in my mind.

Why? If you have a folder on the server, without any rights, ( so you cant read, write or delete any contents)

you can only acces it with a password.

Edited by kip

Share this post


Link to post
Share on other sites

@kip

You're right. Ofcourse I need a password. So it would be InetGet("ftp://NewUser@mydomain.com:MyPassword@mydomain.com/directory/test.txt")

Share this post


Link to post
Share on other sites

#20 ·  Posted (edited)

still doesnt work. I think it doesnt work because autoit cant handle the way my username is. Right?

Edited by PcExpert

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now
Sign in to follow this  
Followers 0