rejetto forum

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - 1337GamingNinja

Pages: 1
1
HFS ~ HTTP File Server / Re: HFS including SSl tools
« on: May 25, 2015, 11:57:55 PM »
I'm surprised that in my many years of using HFS I hadn't seen this thread. I personally already use STunnel with a CA provided SSL certificate to secure my server. I don't know if you have cipher settings set in STunnel but if you want to increase security (by disallowing less secure methods) I would suggest adding the following line to your stunnel.conf:

Code: [Select]
; Set Specific Ciphers
ciphers = ECDH+AESGCM:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES256-SHA:ECDH-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:AES128-GCM-SHA256:!NULL:!eNULL:!aNULL:!DSS:!RC4:!DES:!3DES:-MEDIUM:-LOW

That will also make Google Chrome stop telling you that the connection is encrypted using obsolete cryptography.

2
Beta / Re: Testing build #260
« on: July 02, 2010, 02:25:25 AM »
I love HFS and have been using it for quite a while.
Unfortunately I seem to have discovered a problem that I know how to prevent but it requires disabling an option I like to use.

The Problem:
It seems that when a user is logged in they are unable to archive.
I am using the new template. The archive option is allowed. The user account has access.

I have tried it on files which do not require a user to be logged in and on files which do require the user to be logged in.
When logged in the user cannot archive anything, the error page saying: "There is no file you are allowed to download" comes up after the dialog confirmation is shown and accepted.
However, if the login is cleared or there is no user logged in then the archiving of the same files works perfectly. Of course it is impossible to test this on protected files as the user must be logged in.

I have tested this locally and remotely using Firefox 3.6.6, Firefox 3.7a5, Chrome 5.0.375.86, Chrome 6.0.447.0, IE8 x32, and IE8 x64.
I tested using my typical HFS configuration and a blank HFS configuration tweaking a few minor settings until I found the fix.
Both tests use the new template (though my configuration is a modified version of said template).

The Solution:
The solution to it seems to be disabling "Include password in pages (for download managers)".

Other Thoughts:
Though I can live without that I do like having it so that I may use programs like VLC player to stream music/videos.
It also seems that by using https with stunnel it does not allow VLC to stream, sadly I believe this is a limitation of VLC with the https protocol.

Has anyone else found that they have the same problem?

Pages: 1