I like this host a lot, and the lack of secure file transfer is the only thing stopping me from committing to them for a new e-commerce site. I've seen a few recommendations for WebDav, but that would still involve at least one change on the host, namely enabling the mod_dav Apache module. I tried looking for open source PHP FTPS servers but had no luck. Any ideas?
Asked
Active
Viewed 118 times
1
-
Perhaps you should tell us what kinds of access you do have, as that is likely to affect possible solutions. – John Gardeniers Jan 21 '10 at 01:20
-
It's a shared web hosting environment. Dedicated IP, true SSL. I currently use regular FTP to do file transfers. No shell/command line access. No root access. I can't install executables on the server. I can't control which Apache modules are enabled. I do have the ability to modify PHP settings via custom PHP.INI files. I have access to folders outside/above the public web root, so I can properly password-protect arbitrary folders in the public web folders. That's all I can think of. – boot13 Jan 21 '10 at 18:01
-
More details: typical uploads would be web software like osCommerce, web site files (HTML/CSS/images) and data in the form of SQL. Downloads would be database backups in the form of SQL. Communication with the e-commerce software is already all encrypted via HTTPS. – boot13 Jan 21 '10 at 18:03
-
ah, Duck Amuck! http://en.wikipedia.org/wiki/Duck_Amuck – Jeff Atwood Jul 05 '10 at 08:05
2 Answers
2
You can try simple CGI/PHP form uploads via HTTPS.
Or, if the host machine has the software, you could try using PHP to decrypt files that you upload encrypted. Note, you may not have access to GPG/PGP, but most Unix platforms have "crypt" (not the strongest crypto, mind you, but in a pinch...) and most likely will have openssl which can be used to encrypt/decrypt.
Worst case (no access to local executables or a non-Unix platform) I'm sure there is ready-made PHP code for encrypting and decrypting local files. On Stack Overflow, the mcrypt module was suggested. Sure, it's a lot of extra work, but it's an option.
Where there's a will (or a whip), there's a way.
Geoff Fritz
- 1,727
- 9
- 11
-
Interesting. So I could write or find some PHP code (form/CGI) to do the uploads and downloads from within an HTTPS connection. If I was moving a lot of files that would be a pain, but if I encrypted the files into a single archive file I could then decrypt/expand it on the other end. A bit clunky but if I automated the process to some extent it shouldn't be too awkward. Of course, I was hoping for something magic that involves zero work (grin) but this is very helpful. Thanks! – boot13 Jan 21 '10 at 17:55
-
1If you are already doing it over a HTTPS connection, would that not already be secure? – sybreon Jan 22 '10 at 01:48
0
Is this for uploading files to the server? Do they provide SSH? If they do, you could transfer things over SFTP.
sybreon
- 7,405
- 1
- 21
- 20
-
Yes, for uploading web software, web site files and SQL data and for downloading SQL data. No SSH, unfortunately. That would be sweet. – boot13 Jan 21 '10 at 18:04