PcExpert Posted February 6, 2008 Share Posted February 6, 2008 (edited) Hi all, How to safely store file on a webserver? it currently saved as plain text wich is very unsafe ofcourse. Maybe MYSQL? Thanks! Edited February 6, 2008 by PcExpert Link to comment Share on other sites More sharing options...
whim Posted February 6, 2008 Share Posted February 6, 2008 (edited) Hallo ! Why not run your favourite file encryption util on the the text file first ? Or use the AutoIt builtin encryption ? wim edit: Trouwens, je titel: save=bewaar, safe=veilig Edited February 6, 2008 by whim Link to comment Share on other sites More sharing options...
Kip Posted February 6, 2008 Share Posted February 6, 2008 is your script on the server, or the client side? MailSpons: Fake SMTP server for safe email testing Dutch postcode & address API. Link to comment Share on other sites More sharing options...
PcExpert Posted February 6, 2008 Author Share Posted February 6, 2008 (edited) The script itself is clientside, the files are on serverside. Communication is done by inetget and ftp commands. Edited February 6, 2008 by PcExpert Link to comment Share on other sites More sharing options...
Kip Posted February 6, 2008 Share Posted February 6, 2008 you could create a folder and remove all rights, then upload and download your files as administrator. MailSpons: Fake SMTP server for safe email testing Dutch postcode & address API. Link to comment Share on other sites More sharing options...
PcExpert Posted February 6, 2008 Author Share Posted February 6, 2008 How would I download it as administrator, by ftp? Link to comment Share on other sites More sharing options...
Kip Posted February 6, 2008 Share Posted February 6, 2008 if you know the password you're admin MailSpons: Fake SMTP server for safe email testing Dutch postcode & address API. Link to comment Share on other sites More sharing options...
PcExpert Posted February 6, 2008 Author Share Posted February 6, 2008 Wich password, the one from the ftp server? Link to comment Share on other sites More sharing options...
Kip Posted February 6, 2008 Share Posted February 6, 2008 yes MailSpons: Fake SMTP server for safe email testing Dutch postcode & address API. Link to comment Share on other sites More sharing options...
PcExpert Posted February 6, 2008 Author Share Posted February 6, 2008 Thanks! But just in case somebody finds a way to see the script source, will my login details for the ftp server be safe, or can it be read? Link to comment Share on other sites More sharing options...
PcExpert Posted February 7, 2008 Author Share Posted February 7, 2008 Someone? Link to comment Share on other sites More sharing options...
therks Posted February 7, 2008 Share Posted February 7, 2008 So you are planning on distributing this script? In that case, no, your details are not entirely safe. The compiling process does do a decent job of mixing stuff up and making a script hard to read if it were to be decompiled, which as I understand is only nearly impossible, not completely impossible, but it's still possible. As near as I can figure there isn't really any simple way to safely transfer data back and forth over the internet. My AutoIt Stuff | My Github Link to comment Share on other sites More sharing options...
PcExpert Posted February 7, 2008 Author Share Posted February 7, 2008 (edited) Can my script source be read by a debugger like ollydbg? and yes, i'm wanting to distribute it, but only if my FTP user and password cannot be read. Edited February 7, 2008 by PcExpert Link to comment Share on other sites More sharing options...
Kip Posted February 8, 2008 Share Posted February 8, 2008 when you login to the FTP server, you send your username and password over tcp. This is very easy for someone else to read. If you're going to distribute your script, I would use SSL for sending your password and username. MailSpons: Fake SMTP server for safe email testing Dutch postcode & address API. Link to comment Share on other sites More sharing options...
PcExpert Posted February 9, 2008 Author Share Posted February 9, 2008 (edited) Is there maybe another way? SSL isnt included in my hosting package. The hosting company says that if I want SSL I need to buy a dedicated server. Wich isnt cheap. Thanks! Edited February 10, 2008 by PcExpert Link to comment Share on other sites More sharing options...
Uten Posted February 9, 2008 Share Posted February 9, 2008 As I understand it the files are not stored on a webserver?you could create a folder and remove all rights, then upload and download your files as administrator.when you login to the FTP server, you send your username and password over tcp. This is very easy for someone else to read. If you're going to distribute your script, I would use SSL for sending your password and username.That is right kip. And it is why your first advice is absolutely and truly stupid in my mind.At least create an restricted account that only have rights on/in the particular folder in use. How secure you can make it depends on the server side software (including the ftp server, but not excluding any other software). Please keep your sig. small! Use the help file. Search the forum. Then ask unresolved questions :) Script plugin demo, Simple Trace udf, TrayMenuEx udf, IOChatter demo, freebasic multithreaded dll sample, PostMessage, Aspell, Code profiling Link to comment Share on other sites More sharing options...
PcExpert Posted February 10, 2008 Author Share Posted February 10, 2008 (edited) OK, so I made another FTP user now, with restricted access. But the problem is the following: The username is NewUser@mydomain.com So the full syntax would be NewUser@mydomain.com@mydomain.com . but autoit doesnt seems to handle the username well. When I try this: InetGet("ftp://NewUser@mydomain.com@mydomain.com/directory/test.txt") it doesnt work. This is probably because of the @ in the username. How to solve it? /EDIT: Does autoit support SFTP (FTP over SSL) ? Edited February 10, 2008 by PcExpert Link to comment Share on other sites More sharing options...
Kip Posted February 10, 2008 Share Posted February 10, 2008 (edited) dont you need a password for FTP? username:password@domain.comAnd it is why your first advice is absolutely and truly stupid in my mind.Why? If you have a folder on the server, without any rights, ( so you cant read, write or delete any contents)you can only acces it with a password. Edited February 10, 2008 by kip MailSpons: Fake SMTP server for safe email testing Dutch postcode & address API. Link to comment Share on other sites More sharing options...
PcExpert Posted February 10, 2008 Author Share Posted February 10, 2008 @kip You're right. Ofcourse I need a password. So it would be InetGet("ftp://NewUser@mydomain.com:MyPassword@mydomain.com/directory/test.txt") Link to comment Share on other sites More sharing options...
PcExpert Posted February 10, 2008 Author Share Posted February 10, 2008 (edited) still doesnt work. I think it doesnt work because autoit cant handle the way my username is. Right? Edited February 10, 2008 by PcExpert Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now