rejetto forum
Software => HFS ~ HTTP File Server => Topic started by: SamePaul on May 19, 2007, 11:12:44 PM
-
I've checked 'TODO' list, but I didn't find some features (maybe I've missed something - sorry for repeat)
- hide folders that currently logged in user is not allowed to access. I believe that less they see - less they will attempt to intrude :)
- limit account to specific subnet. For example I want to create privileged account for local subnet (192.168.X.X) but I don't want this account to be available for external users at all... Well, I thought not about private subnet, but about localhost (127.0.0.1). For SSL, you know ;D
-
- hide folders that currently logged in user is not allowed to access. I believe that less they see - less they will attempt to intrude :)
It's already implemented ;D
Menu --> Virtual File System --> List protected items only for allowed users
as for the other suggestion, might not be a bad thing ;D but i rather see some progess on the external folder creation and file deletion :)
//edit: forgot a word >_<
-
- hide folders that currently logged in user is not allowed to access. I believe that less they see - less they will attempt to intrude :)
It's already implemented ;D
Menu --> Virtual File System --> List protected items only for allowed users
Thanks.
as for the other suggestion, might not be a thing ;D but i rather see some progess on the external folder creation and file deletion :)
Oh yeah!! And return once home and see that someone broke into you computer and deleted everything that was possible, just because it happens the someone successfully sniffed your password when you logged in without SSL. I pray that rejetto will not implement it before the user accounts scheme become more flexible.
I believe we should think about security first.
BTW, once we'll have server-side scripting we'll have creation, deletion, dynamic content and tons of other stuff ;)
-
True, but i think HFS is ment for simple file sharing purpose only, not to store precious files who have a high value to you. It'd rather use a different program that is more secure to host something like that. But unfortunately, a simple file sharing program is all that i need :). I host my template and some music; so its not life-threatning IF it gets deleted. ;D
My server has been up and running for almost 6 months now; and i havent ran into any attempts to break in or what so ever. (*knocks on a wooden desk*) Its just doing its job as a small but perfect file server, but one thing that somewhat bothers me is that i have to remotely log into my server if i want to delete a file or add a new folder =).
-
Well... I personally don't bother about server-side scripting. HFS is exactly what I needed. And I use HFS primarily for myself.
Till yesterday I used FTPS server (FTP with SSL), but the problem was that FTPS:
* requires special FTPS client
* do not work via proxy so I had to fall back to regular FTP if I needed something from my workplace.
On the other hand HTTPS supporrted by any modern browser and works perfectly via proxy.
So by the time I used FTPS I encountered mild attacks every day. No that they were very successfull... :) But HTTP is much more prone to hacker attacks than anything else due to its spread. I don't want to play with fire more than it is neccessary.
And you said - HFS is primarily file server. I agree, but this means that security matters the most. So if I create account that can access (not even delete) something sensitive for me I would like to limit it at least to go over SSL only. In case of HFS it means "limit to localhost". But if we are talking about new feature lets define it more general - limit to subnet :) It can be useful not only for SSL-scheme.
Sincerely I could do it by myself, but it is in Pascal...
-
Ähm...
If you use a router, open only the SSL port and thats it ?
-
feature request accepted
-
First of all - I'm not behind router. But it does not matter. If I was wanting to make my server HTTPS-only - there is well known solution for this without routers-firewalls and whatsoever.
But I DO want to share something without access restriction. And HTTPS is not the best way, since the certificate I have is NOT trusted by default. So imagine people trying to see picture from my server and they see popups "Untrusted certificat" and other warnings. This make bad impression of hijacking. So I do want to give access HFS via HTTP for anonymous and only via HTTPS for authenticated users.
-
feature request accepted
Thank you.
-
feature request accepted
Any ETA when you might implement it?
Thanks,
Kizer
-
no ETA