Jump to content
  • Advertisement
Sign in to follow this  
spiralmonkey

FTP and auto-updating - how can i make it secure?

This topic is 4565 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

If you intended to correct an error in the post then please contact us.

Recommended Posts

Hey all, i've made an application with an auto-update feature that FTP's files from my site to the user's machine, using windows' CftpConnection class. It occured to me that FTP (as far as i know) isn't very secure and allows both reading AND writing. This means that if somebody hacks my updater and gets the ftp password (probably pretty easy), they could UPLOAD and replace my files with theirs, with obvious potential consequences. I'm new to ftp'ing but is there a way to make my files read-only to ftp? Or is there some other protocol that is better suited to this scenario? right now i'm hosting with yahoo! and i don't see any options to change read/write permissions of files. any suggestions? thanks, alan [Edited by - spiralmonkey on January 19, 2006 9:59:38 AM]

Share this post


Link to post
Share on other sites
Advertisement
Secure in what way?

Secure against dictionary password attacks? Secure against somebody turning your FTP site into a warez/porn site? Secure against FTP server exploits? Secure against somebody intercepting the transmission? Secure against denial-of-service attacks? Secure against ISP or network outages? Secure against man-in-the-middle redirects for password theft? Secure against man-in-the-middle hijacking or file replacement attacks?



If all you're worrying about is somebody accidently replacing files, that's pretty easy to guard against. Unless they do other attacks, you can just use normal OS security features.

The OS can make the file read-only for certain classes of users. On unix that's just chmod 644 filename. On windows it's just click, click, click, click.


Share this post


Link to post
Share on other sites
Quote:
Original post by frob
Secure in what way?


secure in that i don't want somebody downloading an .exe that would be part of my update, adding a virus or whatnot to it, and replacing the .exe on my site with their infected one, which would end up infecting all my clients when they update.

Quote:
The OS can make the file read-only for certain classes of users. On unix that's just chmod 644 filename. On windows it's just click, click, click, click.


i guess that's a key of what i'm wondering. the only way i know to modify files on the host server (yahoo!) is through their file manager (crap) or by ftp, neither of which allows me to set read/write privileges, as far as i know. Is it a matter of finding a new host that allows ssh, and would that solve the problem?

Share this post


Link to post
Share on other sites
As far as I understand, you can restrict FTP access to whatever account is being used such that it is read-only. Then people can't replace your EXE's.

Edit: I didn't read your whole post originally, and I see you're using Yahoo and didn't see any read/write options. I can't help you there, sorry :p

Share this post


Link to post
Share on other sites
You have two problems:

You don't understand the concept of FTP accounts - if you actually control the server you would be able to setup a limited access account that could only see and read certain files, and could do nothing else. I would guess instead you have FTP access with some free web provider, and have never seen or worked with your own FTP server before.

You are using a hammer to drive in a screw. FTP is a horrible protocol, especially for the purpose you are trying to jam it into. You want downloads only? Try HTTP. Want password protected downloads? Password protected HTTP (.htaccess), password protected HTTPS, or PHP/ASP/JSP checking with streams.

Share this post


Link to post
Share on other sites
Quote:
Original post by Michalson
You have two problems:

You don't understand the concept of FTP accounts - if you actually control the server you would be able to setup a limited access account that could only see and read certain files, and could do nothing else. I would guess instead you have FTP access with some free web provider, and have never seen or worked with your own FTP server before.

You are using a hammer to drive in a screw. FTP is a horrible protocol, especially for the purpose you are trying to jam it into. You want downloads only? Try HTTP. Want password protected downloads? Password protected HTTP (.htaccess), password protected HTTPS, or PHP/ASP/JSP checking with streams.

you're correct. I have almost no experience with FTP accounts and have not worked with my own server, and am unfamiliar with the +/- of all the protocols out there. It's a yahoo! small business account but it's becoming obvious it's not geared towards what i need. It sounds like i should look for a non-FTP solution, thank-you for recommending some. I'm also planning to leave yahoo! for 1&1 hosting.

I would also like to allow for uploading of info as well (when they update) such as performance statistics, and potential crash reports. Can anyone recommend what protocol i might use in this case?

Share this post


Link to post
Share on other sites
It sounds like both of your problems -- that of distributing program updates, and of collecting problem reports -- could be handled with the HTTP protocol, as Michalson suggested. The latter with a simple form processing program in PHP/ASP/whatever.

Share this post


Link to post
Share on other sites
Sign in to follow this  

  • Advertisement
×

Important Information

By using GameDev.net, you agree to our community Guidelines, Terms of Use, and Privacy Policy.

We are the game development community.

Whether you are an indie, hobbyist, AAA developer, or just trying to learn, GameDev.net is the place for you to learn, share, and connect with the games industry. Learn more About Us or sign up!

Sign me up!