PHP client security.
How do the PHP FTP functions fall into the subject of the client's security? I mean, how does the client know if the PHP script is uploading a file to their local hard drive? I wouldn't think this possible, but the file_get() function is described as retrieving a remote file from the FTP server and saving it into a local file. Now I don't understand how this could be secure for one that is browsing along web pages then comes across a PHP page that downloads a file from the server. Is there a security alert of some kind?
Am I missing something here?
brendandonhue
That's not what Brendan said. But if what you say is correct (rather than what Brendan says, slightly confused) then how is it secure that a server can upload a file to the client's hard drive without warning? That is, if you are referring to the client's hard drive when you say "your hard drive".
I'm wondering where it's secure for the user to have that going on behind the scenes?
The FTP functions allow your server (not your local machine) to connect to another remote server and upload/download files via FTP. They don't upload/download anything from your client machine unless your client machine is an FTP server and the remote server has username/password access, in which case you probably would have given them that. They do not upload/download from the client machine. A client machine can upload files via an HTTP form (standard upload) and then transfer them elsewhere with the FTP functions. Does that make sense?
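The flow described in the post above, as an added example that is not part of the original thread: the browser submits an ordinary HTTP upload form, and the PHP script on the web server relays the file over FTP. The host name, account, `incoming/` directory, `upload` field name and `FTP_PASSWORD` environment variable are assumptions; `ftp_ssl_connect()` needs PHP built with OpenSSL support.

```php
<?php
// Runs on the web server. The visitor's browser only sends an HTTP POST;
// the FTP connection below is opened by the server, never by the client.
// Assumed form: <form method="post" enctype="multipart/form-data">
//                 <input type="file" name="upload"></form>

const FTP_HOST  = 'ftp.example.com';   // placeholder host
const FTP_USER  = 'relay';             // placeholder account
const MAX_BYTES = 5 * 1024 * 1024;     // refuse anything over 5 MiB

function relay_upload(array $file): string
{
    $error = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($error !== UPLOAD_ERR_OK) {
        throw new RuntimeException("Upload failed (code $error)");
    }
    // Accept only a temp file that PHP itself received over HTTP POST.
    if (!is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Not an HTTP upload');
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('File too large');
    }
    // The client-supplied name is untrusted: drop any path, keep a safe charset.
    $name = preg_replace('/[^A-Za-z0-9._-]/', '_', basename($file['name']));
    if ($name === '' || $name[0] === '.') {
        throw new RuntimeException('Unusable file name');
    }

    $conn = ftp_ssl_connect(FTP_HOST);   // FTP over TLS, server to server
    if ($conn === false) {
        throw new RuntimeException('Cannot reach FTP server');
    }
    try {
        if (!ftp_login($conn, FTP_USER, getenv('FTP_PASSWORD') ?: '')) {
            throw new RuntimeException('FTP login rejected');
        }
        ftp_pasv($conn, true);
        if (!ftp_put($conn, 'incoming/' . $name, $file['tmp_name'], FTP_BINARY)) {
            throw new RuntimeException('FTP transfer failed');
        }
    } finally {
        ftp_close($conn);
    }
    return $name;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['upload'])) {
    echo 'Stored as ' . htmlspecialchars(relay_upload($_FILES['upload']));
}
```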
Yeah, thanks for clearing that up Ninja.
What language should I use that would act as a File Transferrer (download and upload files to and from the client's hard drive) with or without the client's consent? You see I was thinking about doing an Ajax FTP client. Are there other server languages that could do this other than Java, which I know can but I'm not leaning towards apps?
"with or without the client's consent?"
No ethics I see.
You're probably asking for some bother if you want to do this. Data protection etc. etc. springs immediately to mind. It's enough storing cookies on a client machine but actually uploading and downloading from a client machine with or without consent is something I would not do (unless I'm in hacker mode) <- is that what you are?
ibbo
No, but I can see why you would think that. But if you read my last post more carefully, I'm making an AJAX FTP! So, I'm not meaning to do anything malicious, all I'm doing is trying to make an FTP with Ajax. I could use Java to access the client's hard drive for uploading/downloading but then I'd have to learn Java.
When I say "with or without the client's consent" what I mean is:
With: i.e. an alert message such as Java's;
Without: a programming language that doesn't need an alert message, unlike Java, to access the client's computer.
In speculation, I'm always going to have the client's consent to transfer files to and from the server via the UI. So when I say "with or without client's consent" it's referring to the language which can go about transferring files with or without the client's consent.
Now I know there is a language out there that does not need an alert message to transfer (download) a file onto the client's hard drive, how else would there even be malicious websites out there if there weren't? Now don't take that as if I'm going to create one of these sites, I just want my FTP to feel as much like a desktop application as possible.