Currently Being ModeratedJan 23, 2012 8:54 AM (in response to marcHerf)
You're using ftp, so there's no point in thinking that your authentication credentials are secure. They aren't.
And since you're using ftp, there'll be issues with firewalls.
And ftp access to random parts of the file system is intentionally blocked.
In general, web servers should not be allowed write access to their directories, as that can reduce the damage from a web server breach.
As for one way to update the files, use the scp or sftp tools. Those are secure against exposing your credentials, and they can (if permitted by either protections or access control list) write to the web server directories, and scp and sftp can write pretty much anywhere a matching logged-in user can write.
Currently Being ModeratedJan 23, 2012 1:49 PM (in response to MrHoffman)
for your helpful reply!
googling "scp and sftp tool" i tried "firessh", "fireftp", "cyberduck", "filezilla"
- all of them are suitable for my purposes, especially "cyberduck"
since it provides features similar to those of mac's "go"/"connect to server"
& allows for read/write access.
dragging a folder from the server into a mac's sidebar via "cyberduck"
the server's files appear/become accessible as if they were saved onto a harddrive)…
some of the programs as mentioned above might be based on ftp technology
but i hope that my "little snitch" and firewall settings might keep me from being captured
Currently Being ModeratedJan 23, 2012 2:30 PM (in response to marcHerf)
FWIW, various web browsers will explicitly disable the use of credentials on the ftp:// command.
Mac OS X includes scp and sftp at the command line. You've found the typical GUI tools.
While ftp and sftp share three letters, some general syntax, and a similar purpose, these tools are otherwise very different tools, using different network protocols, different security; they're completely separate implementations.
Once you get the hang of using scp and sftp, you can also move to digital certificates, as these can be used in place of (or in addition to) user-specified passwords.
scp and sftp are much easier to punch through a firewall, if it comes down to requiring that.
Currently Being ModeratedJan 23, 2012 2:42 PM (in response to marcHerf)
some of the programs as mentioned above might be based on ftp technology but i hope that my "little snitch" and firewall settings might keep me from being captured
Neither Little Snitch or your firewall will do anything to protect your FTP server. They won't stop malicious users from attempting to log in to your server. They won't prevent a malicious user from sniffing your credentials over the wire as you log in, and they won't verify that an 'authorized user' is really who they say they are (with the possible exception of a firewall rule that only allows very specific IP addresses to connect).
Currently Being ModeratedJan 24, 2012 1:50 AM (in response to Camelot)
thanks,again, for all of your support -
you provided a lot of helpful information
(and scary facts that i have not been aware of before).
though i am not really feeling better now
(knowing my macs' data might be exposed to unauthorised access
once i customise the server's settings in an unconsidered manner)
i definitely found the information i need to proceed with my project!
More Like This
- Retrieving data ...
- This solved my question - 10 points
- This helped me - 5 points