rejetto forum

Software => HFS ~ HTTP File Server => Beta => Topic started by: rejetto on October 18, 2010, 10:20:25 AM

Title: experiment
Post by: rejetto on October 18, 2010, 10:20:25 AM
i'm experimenting with session based login.
there's logout too.
in this build a default template supporting it is included.
it should be compatible with old login, and thus old templates.
if javascript is enabled the login is also secure without SSL.
comments are welcome.

www.rejetto.com/hfs.exe
Title: Re: experiment
Post by: bacter on October 18, 2010, 04:04:28 PM
Login and logout works with new template in FF and chrome, with old templates login works too. But there seems no way to add a section logout [logout] to old templates without ajax - but this is ok, so we have to move to ajax what opens new ways to add features to our templates.
Title: Re: experiment
Post by: maverick on October 18, 2010, 04:36:55 PM
Login and logout also works with new default template in Opera.

I wouldn't mind adding a logout function to my customized template, but have no idea what is needed to add ajax to it.
Title: Re: experiment
Post by: r][m on October 18, 2010, 05:49:39 PM
I wouldn't mind adding a logout function to my customized template, but have no idea what is needed to add ajax to it.

I would also like to do this, but have little time to learn ajax.
Actually, I fear extensive use of ajax will cause an end to hfs for me.

@ Rejetto
With Firefox on Ubuntu/Wine logout didn't work.
Does this version or tpl have to be connected to the internet to function?
I noticed it tries to connect to google apis on my test machine, on XP Pro, which is LAN only.
Since it couldn't connect, it wouldn't load.
Title: Re: experiment
Post by: rejetto on October 19, 2010, 10:51:51 AM
new login doesn't require ajax.
for non-ajax usage just remove the __AJAX parameter.
indeed i said it works without javascript. There's no ajax without javascript. ;)
anyway atm i decently tested only javascript/ajax version, but the default template is (meant to be) designed to gracefully degrade without javascript.

don't get me wrong. I mean ajax is to get a better experience. Old features are planned to stay as they are without it.
maybe i will provide a standard template without javascript at all just as a bare bone for the faints of heart.
Is this guideline ok for you?
Title: Re: experiment
Post by: MJC on October 19, 2010, 05:14:38 PM
i'm experimenting with session based login.
there's logout too.
in this build a default template supporting it is included.
it should be compatible with old login, and thus old templates.
if javascript is enabled the login is also secure without SSL.
comments are welcome.

www.rejetto.com/hfs.exe


Wow, what a great version!  Nice job!  Any chance this will end up in the new high-speed hfs version?  I just got Verizon FIOS (35/35 pipe) installed and the old high-speed version allowed me to move a 110MB file in just a few seconds!  Would love to see this new version as high-speed!  Keep up the great work Rejetto!
Title: Re: experiment
Post by: etherknight on October 21, 2010, 09:23:12 PM
Quote
if javascript is enabled the login is also secure without SSL.

I think the term 'secure' should be taken with fairly large grain of salt. If the mechanics would be as I think they would be (e.g. using JS to leverage an MD5 and relying on either cookies or IP stability), then it would ever-so-slightly more secure than plain text across the WAN. Maybe it's being done an entirely different way, I don't know. But there are only so many ways JS could do this....

Not an issue for those who don't serve anything terribly sensitive. But we all know there are others who serve up for unsavory or less-than-legal material. I would caution those ones against thinking of a non-SSL login as 'secure'.
Title: Re: experiment
Post by: rejetto on November 01, 2010, 01:19:41 PM
you are right, but getting never 100% security with our computers, you should state HOW secure it is, and there's no standard i know to measure such security.
so having no good way, i just say "it's okay" (secure) and "not okay". Highly debatable, but it's good for non-techies (and it's short!).
Techies will be good to value this security on their own, and relating it to their needs. ;)


Just at a glance, i would say a man-in-the-middle attack should be hard enough with such configuration. Any opinion on this is welcome.
Title: Re: experiment
Post by: johnjaykay on November 19, 2010, 08:18:03 PM
you are right, but getting never 100% security with our computers, you should state HOW secure it is, and there's no standard i know to measure such security.
so having no good way, i just say "it's okay" (secure) and "not okay". Highly debatable, but it's good for non-techies (and it's short!).
Techies will be good to value this security on their own, and relating it to their needs. ;)


Just at a glance, i would say a man-in-the-middle attack should be hard enough with such configuration. Any opinion on this is welcome.

I think this software is the best you're gonna find for the money (FREE). If there's a feature you don't like or a problem with it, why not spend money and have someone fix it, or donate to them and help find an answer to the solution.


@rejetto...software is great! Helps me access my files every day.  I appreciate the hard work and effor on this.

John