Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: FTP upload???  (Read 4941 times)

0 Members and 1 Guest are viewing this topic.

Mastacheata

  • Coppermine newbie
  • Offline Offline
  • Posts: 19
FTP upload???
« on: November 18, 2004, 10:49:19 pm »

Is there a mod or sth like this that makes an ftp upload possible? HTTP Upload is easy and nice but an ftp upload would solve many problems.
My users complained many times they have to upload their pictures file by file and it is very slow by http upload.
The HTTP Upload has in most cases the restriction of a very low filesize. This restriction doesn't effect ftp so you could upload bigger .zip files by ftp.
Maybe anyone has posted something like this yet and if yes it would be nice to tell me where I can find it otherwise i will have to write an ftp upload feature on my own.
« Last Edit: November 22, 2004, 04:24:17 pm by GauGau »
Logged

Tranz

  • Dev Team member
  • Coppermine addict
  • ****
  • Country: 00
  • Offline Offline
  • Gender: Female
  • Posts: 6149
Re: FTP upload???
« Reply #1 on: November 18, 2004, 11:02:36 pm »

If your users have WinXP, they could use that winxp publisher. And/or, you would need to ask your host about increasing file upload size.
Logged

Mastacheata

  • Coppermine newbie
  • Offline Offline
  • Posts: 19
Re: FTP upload???
« Reply #2 on: November 18, 2004, 11:09:50 pm »

what i thought of was to open an ftp connection to my ftp server with a 2nd ftp account (to get around safe mode) and then move the files to the ftp server directly. My Users don' know quite much about computing maybe even nothing else than surfing webpages and hanging around in php chats.
I think I'll build my own one. It's not that hard because i was programming an own gallery script before I've seen cpg can also run in php safe mode and have the functions for that already done.
I'll post my results as a new addon maybe.

This thread can be closed if you want.
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: FTP upload???
« Reply #3 on: November 19, 2004, 09:34:54 am »

Giving users access to ftp upload is a huge security risk if the server isn't yours to configure properly against possible attacks. You would either have to write your own ftp client (someting DJMaze is up to on the cpgnuke port, not sure if he succeeded). For security reasons batch-add is only available for admin users.
There's a mod about the menalto remote control that has been posted recently, maybe that's an option for you.

Joachim
Logged

Mastacheata

  • Coppermine newbie
  • Offline Offline
  • Posts: 19
Re: FTP upload???
« Reply #4 on: November 19, 2004, 11:14:23 pm »

I'll have a look on the remote control thingy. I know batch add is only available for admins but there's one of my users who doesn't know anything about computers and she will be the only one to upload pics and batch add them.
My FTP Connction works over a socket connection and my webhost told me there was no risk at all I had to fear/take care of.
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: FTP upload???
« Reply #5 on: November 20, 2004, 09:59:58 am »

Urm, this is not the security risk I was refering to: if you allow ftp uploads, nothing will prevent users from uploading php or perl scripts - they could use them to easily take over the control of your webserver.
Especially if the person you want to give batch-add powers knows nothing about computers as you claim it will be most likely that he/she will break things in no time (e.g. uploading huge images that will grind the server to halt when using batch-add on them). You're welcome to remove the single line in searchnew.php that keeps non-admins from accessing the batch-add function, but don't say we haven't warned you.

Joachim
Logged

Mastacheata

  • Coppermine newbie
  • Offline Offline
  • Posts: 19
Re: FTP upload???
« Reply #6 on: November 20, 2004, 01:59:00 pm »

Now I understand wich problems you mean.
The executing scripts thing is not that huge problem because it's similar to the http upload in your scripts. I've built in a check for the file extension and set the mime-type of the files uploaded, so it will be not that easy to upload scripts to the webspace, even though there will always be some possibilities to do so.
You misunderstood what I plan to do with the batch add function. I won't make it available for everyone, just for this one person and the upload is also restricted to only me and the 2nd person.
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: FTP upload???
« Reply #7 on: November 21, 2004, 07:46:41 am »

I understand that perfectly well. Maybe I didn't make my point. Give me ftp acces to your site and I will ruin it in less than a minute. There's no point in adding checking routines inside searchnew.php (the batch-add file): I upload a script file to your webspace using ftp and run it in my browser - your webserver will be dead before you even hear the shot.
However, if you think it's such a clever idea I won't mind - but just don't come back here and complain that coppermine was unsecure - it is you who is deliberatly making it unsecure. You have been warned.

Joachim
Logged

Mastacheata

  • Coppermine newbie
  • Offline Offline
  • Posts: 19
Re: FTP upload???
« Reply #8 on: November 21, 2004, 02:45:11 pm »

I don't want to complain about security reasons in cpg but I need to upload about 100 pictures in one day each month, so it's very uncomfortable to do this via http upload because you can only upload 4 single files or about 3-4 files at once in a zip file because my php upload size is restricted to 2MB.
In my FTP routine I can select a directory and upload all files within it. I would really appreciate to have a secure website, but don't know much about security reasons, so I thought it would reach out to set the content type.
I think I need to rethink my whole concept and then again have a look at what I'll do.

BTW: Why are you always talking about the batch add function??? It will not be publicly available. I've just got two admin accounts in my gallery and only those two can upload and use the batch add function.
Logged

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: FTP upload???
« Reply #9 on: November 22, 2004, 12:54:28 pm »

well, you're recommended to ftp upload and use batch add for admins, that's what we always suggest and that's what the docs say as well. What's your actual question?

Joachim
Logged

Mastacheata

  • Coppermine newbie
  • Offline Offline
  • Posts: 19
Re: FTP upload???
« Reply #10 on: November 22, 2004, 03:34:39 pm »

Hey now you understand me... *g*
All I wanted to know was if there has been such a mod yet to replace the http upload with an ftp upload, or if I'd have to program this myself...
That Question was answered by you and TranzNDance already, but then you posted your concerns about making batch add feature publicly available, where you simply misunderstood me.
So now everything is clear for me...
Logged
Pages: [1]   Go Up
 

Page created in 0.021 seconds with 20 queries.