Doug I
10-11-2007, 12:47 PM
Hi,
I don't know if this has ever been brought up before... but recently we had some hacker attacks on our server and we have spent the better part of a week looking at all areas that need better security when remotely accessing our web server.
It turns out that one of our weakest links was the FTP access to our site. FTP login can very easily be compromised due to its lack of encrypted information including Login username and password.
Since we use SB6 to upload our installs via FTP... this has become a BIG concern for us now. Most other FTP solutions we have offer alternate secure connection options.
Solution for future SB release?
Probably the same solution I have found in most FTP client apps and popular Web management tools like Dreamweaver.... namely a Secure FTP capability using SSH2.
For the developer, it is relatively easy to implement an SSH Host session on either a Linux or Windows Server and there is nothing to buy (a few popular open source SSH Host applications to choose from).
A good example of how to implement something like this in SB would be to look at Adobe Dreamweaver. They have a very simple Secure FTP checkbox in the same place where they define the FTP login settings. Dreamweaver's integrated SFTP client then handles the appropriate SSH connection and communication to the host and begins the SFTP session for uploading files.
In all honesty, I don't know the complexities involved in adding something like this... but I imagine there are some developer libraries out there that could make this process quicker to integrate into a software product without starting from scratch.
I hope you consider something like this for future releases. In the meantime, I am going to be forced to use external SFTP clients to send my installs to the web. A bummer for me, as I love doing everything inside the flexible SB script language. :(
Later,
Doug
I don't know if this has ever been brought up before... but recently we had some hacker attacks on our server and we have spent the better part of a week looking at all areas that need better security when remotely accessing our web server.
It turns out that one of our weakest links was the FTP access to our site. FTP login can very easily be compromised due to its lack of encrypted information including Login username and password.
Since we use SB6 to upload our installs via FTP... this has become a BIG concern for us now. Most other FTP solutions we have offer alternate secure connection options.
Solution for future SB release?
Probably the same solution I have found in most FTP client apps and popular Web management tools like Dreamweaver.... namely a Secure FTP capability using SSH2.
For the developer, it is relatively easy to implement an SSH Host session on either a Linux or Windows Server and there is nothing to buy (a few popular open source SSH Host applications to choose from).
A good example of how to implement something like this in SB would be to look at Adobe Dreamweaver. They have a very simple Secure FTP checkbox in the same place where they define the FTP login settings. Dreamweaver's integrated SFTP client then handles the appropriate SSH connection and communication to the host and begins the SFTP session for uploading files.
In all honesty, I don't know the complexities involved in adding something like this... but I imagine there are some developer libraries out there that could make this process quicker to integrate into a software product without starting from scratch.
I hope you consider something like this for future releases. In the meantime, I am going to be forced to use external SFTP clients to send my installs to the web. A bummer for me, as I love doing everything inside the flexible SB script language. :(
Later,
Doug