[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Large file uploads via PHP

On Thu, Dec 07, 2006 at 12:06:04AM -0700, Nate Duehr wrote:
> If their network truly won't support PASV FTP, then something is
> seriously broken and they really need to get their network
> administration folks to look into it... if they are not without clue.

On the other hand, trying to use FTPS between two networks with stateful
default-closed firewalls won't trivially work, since neither can inspect
the control packets to know which ports to open for the data packets.
PASV won't fix this one.

At which point the server admin is required to preopen a bunch of ports,
give the FTPS server that list, and hope the list is long enough. ^_^

(Alternatively, the client can open a bunch of ports, put those into
their FTP client, and use Active FTP. No one ever seems to choose that
solution though.)

SFTP has the enormous advantage of being one connection from client to
server on a known port, quite easy to firewall, and the enormous
disadvantage of chewing lots of CPU and (in my experience) ending up
being somewhat slower... Using blowfish as the symmetric cipher helps,
and is probably secure enough for an sftp-only account.

Paul "TBBle" Hampson, B.Sc, LPI, MCSE
On-hiatus Asian Studies student, ANU
The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361)

Of course Pacman didn't influence us as kids. If it did,
we'd be running around in darkened rooms, popping pills and
listening to repetitive music.
 -- Kristian Wilson, Nintendo, Inc, 1989

License: http://creativecommons.org/licenses/by/2.1/au/

Attachment: pgpbtWhR9xceo.pgp
Description: PGP signature

Reply to: