|
|
I am doing some research into ftp.
I have developed an website that allows the user to ftp files to a server.
I was just wondering if there are any security implications in doing so?
Any information is much appreciated.
ASP all the way
|
|
|
|
|
You are going to force them to log in ? Right ?
No anonymous connections. You may want to see if there is a method for your FTP server software to limit the amount of data a folder can have uploaded. (Think disk quota)
I would recommend monitoring the FTP destination folder very carefully for abuse; maybe a nightly job that would compare the number of files / size from the night before to the current day and send an email notification if too many files have changed or the file size has changed dramatically. Using a system like this, you won't bother an Admin with yet another email notification.
just some things to think about.
Good luck.
|
|
|
|
|
FTP passes login/password in the clear, so someone could intercept them. Use SFTP, if you can.
Naughty people like to find open FTP locations to upload naughty things. Then they tell their friends where to get those naughty things. Make the upload folder write-only. (If you need to have those files accessible via FTP again, you move them to a downloadable folder, after checking them out either manually or by a process you'll need to create.)
|
|
|
|
|
I have looked into the SFTP, and the only way of really doing this is using 3rd party component although there are some class librarys. Would another alternative be to use SSL and ftp?
ASP all the way
|
|
|
|
|
I'm pretty sure once you hit the FTP protocol it's just going to jump out of the SSL world.
|
|
|
|
|
Appreciate the info. I'll do some more research and come up with a solution looking into SharpSSH which looks promising.
ASP all the way
|
|
|
|
|
Hey there!
Im developing website using asp.net and html mixed.
So I rather chose to use html select tag and checkbox tag. Contact.aspx.cs (code behind) doesn't recognise it because it is html tags. Is there a way to recognise html tags in code behind?? Look at below codes (bold):
Contact.aspx:
id="dlist1" onchange="swapImage1()">
Faith Card
Grace Card;
Blue
Contact.aspx.cs:
msg += "Name: " + txtName.Text; // fine
msg += "<br>Surname: " + txtSurname.Text; // fine
msg += "<br>Email: " + txtEmail.Text; // fine
msg += "<br>Order:" + HtmlTextWriterTag.Select.ToString("dlist1"); // belong to select tag
msg += "<br>Order:" + HtmlTextWriterTag..... // belong to checkbox tag - how?
mail.Body = msg;
mail.BodyEncoding = System.Text.Encoding.ASCII;
Hope you can help fix it! Your help much appreciated. It is urgent. Thank you!
|
|
|
|
|
Add the runat="server" attribute to the html tags and use the corresponding controls from the System.Web.UI.HtmlControls namespace.
|
|
|
|
|
I followed your instruction. According to the result runat="server" attribute in the html tags is error.
Look at bold codes:
Contact.aspx
id="dlist1" onchange="swapImage1()">
<optgroup label="Sow Seeds of Love">
Faith Card
Code behind:
msg += " Order:" + dlist1.SelectedIndex; OR
msg += " Order:" + HtmlTextWriterTag.Select.ToString("dlist1");
Am I doing right???
|
|
|
|
|
You have not applied the server attribute to the select element
<select runat="server" name="order" size="12" multiple="multiple" style="width:330px;" onchange="swapImage1()">
Notice how this code was also formatted here. Please do the same.
Cyberoxy wrote: According to the result runat="server" attribute in the html tags is error
According to what results?
DO NOT ask for urgent help here. This is a volunteer site and people will answer you on their own time, not yours. Most people who can give you the most help will just ignore an urgent request as it is very rude.
I know the language. I've read a book. - _Madmatt
|
|
|
|
|
I am so sorry to irritate you but I dont mean it. It was urgent because I have to complete the website for my client today therefore I was so stressed. Next time I wont do it again.
Sorry it was not clear when I said "according to the result runat="server" attribute in the html tags is error" - I mean when I debug the website, it display error : 'HtmlSelect' cannot have children of type 'LiteralControl' after I copy yours : <select runat="server" name="order" size="12" multiple="multiple" style="width:330px;" önchange="swapImage1()"> plus I also have inserted using System.Web.UI.HtmlControls; in code behind. Seems it is difficult to solve it, isn't it?
Thanks for your time
|
|
|
|
|
Cyberoxy wrote: also have inserted using System.Web.UI.HtmlControls; in code behind
Are you creating the select element form the code-behind or in the markup? You can't do it both ways.
If you are adding the control via code-behind then it is already a server control. If you are creating it in the markup then you must specify the runat=server attribute.
If you are creating the select via code-behind why are you not using an ASP.NET Dropdownlist control?
Cyberoxy wrote: Seems it is difficult to solve it, isn't it?
It isn't difficult to solve at all when you know and understand what you are doing.
Cyberoxy wrote: It was urgent because I have to complete the website for my client today
Poor planning on your part is no excuse for rudeness. If you had properly planned this project you would not be rushing to implement something the day you are to deliver. That is inexcusable.
I know the language. I've read a book. - _Madmatt
|
|
|
|
|
I do not see the runat="server" attribute in the select tag.
|
|
|
|
|
Declare your tag like this:
<select id="mySelElement" runat="server">
.......
.......
.......
</select>
Then you should be able to access your html element from your code behind like this:
string selectedValue = mySelElement.Value;
|
|
|
|
|
Yes I did put runat="server" in the select element like this:
Error keeps displaying red line - runat=server. I dont know why!
I will try my best to find a solution. Thanks for your help, guys!
|
|
|
|
|
Did you get any compile error? If not, you can ignore the red line. And you have not specified an id attribute to the select tag. Without an id attribute, you cannot access it from code-behind.
|
|
|
|
|
Jeez I did put runat="server" and id attribute in the html element. Yes I did! Lets me show you my codes again. When I debug it, i got compile error:
Server Error in '/ELMARIE Website' Application.
Parser Error
Description: An error occurred during the parsing of a resource required to service this request. Please review the following specific parse error details and modify your source file appropriately.
Parser Error Message: Cannot create an object of type 'System.Boolean' from its string representation 'multiple' for the 'Multiple' property.
Source Error:
Line 115:
Line 116:
(Red)Line 117:<select runat="server" name="order" multiple="multiple" size="12" style="width:330px;" id="dlist1" onchange="swapImage1()">
Line 118: <optgroup label="Sow Seeds of Love">
Line 119: <option selected="selected" value="Images/NoneImage.gif">None</option>
You see I have put runat="server" and also id attribute in the html elements
Markup:
....
....
....
Code Behind:
string selectedValue = dlist1.Value;
|
|
|
|
|
No only are you rude and impatient asking for urgent help you ignore the etiquette and protocols here. How much help do you expect if you can't comply?
FORMAT YOUR CODE SNIPPETS!!!
I know the language. I've read a book. - _Madmatt
|
|
|
|
|
Ah I just found why runat="server" and id attribute were unreadable to you when I put bold on them. Thats why you guys didnt see anything. Im so stupid hehe!
When I debug it, i got compile error:
<b>Server Error in '/ELMARIE Website' Application.
Parser Error
Description: An error occurred during the parsing of a resource required to service this request. Please review the following specific parse error details and modify your source file appropriately.
Parser Error Message: Cannot create an object of type 'System.Boolean' from its string representation 'multiple' for the 'Multiple' property.</b>
<b>Source Error:
Line 115:
Line 116:
<b>(Red)Line 117:<select runat="server" name="order" multiple="multiple" size="12" style="width:330px;" id="dlist1" onchange="swapImage1()"></b>
Line 118: <optgroup label="Sow Seeds of Love">
Line 119: <option selected="selected" value="Images/NoneImage.gif">None</option>
</b>
You see I have put runat="server" and also id attribute in the html elements
<u><b>Markup:</b></u>
<select id="dlist1" runat="server" name="order" multiple="multiple" size="12" style="width:330px;" onchange="swapImage1()">
<optgroup label="Sow Seeds of Love">
....
....
....
</optgroup>
</select>
<b><u></u>Code Behind:</b>
string selectedValue = <b>dlist1</b>.Value;
|
|
|
|
|
Change
multiple="multiple" to
multiple="true"
|
|
|
|
|
Cyberoxy wrote: Im so stupid
Yes, you are. You have been told three times now to use proper formatting.
I know the language. I've read a book. - _Madmatt
|
|
|
|
|
|
Hey guys,
Hoping someone might be able to shed some light on a problem I am currently having.
I have a WebMethod being called by some javascript code, everything is working as it should, the WebMethod is a static string.
I am writing the output (which contains a small amount of html) to a hyperlink on my page (I'm adding a product to a basket and updating the link to the basket with item total etc.).
On my local dev machine, and on a staging version of the website (a copy of live) this all works nicely, the hyperlink shows what it is supposed to. But when put live, the WebMethod is called fine, and the output comes out in JSON format. This in itself I didn't think was a problem as I can just use jquery to parse the JSON, but it fails in firefox as being invalid JSON.
What's even weirder is that when I created a 2nd test version of the page (a carbon copy, just with the name changed), that behaves perfectly on live, without the need for JSON parrsing.
This isn't a problem in all browsers, IE, Chrome (release) and the latest Safari all pop the raw JSON in as the hyperlink text, Firefox (4) seems to parse it and shows the correct HTML.
Can anyone think why it would behave differently between 2 identical pages, where only the name is slightly different, and what the best way to parse the JSON is when it is returned from the WebMethod. Does it have to come back as JSON, I know xml is an option but really I could do with just a string..
I tried clearing all of my temporary files, so I know it's not a caching issue.
Live server (and the staging one too):
Win Server 2003
IIS6
The website is .Net 3.5, C#
Thanks in advance!
|
|
|
|
|
I get the exception : Cannot use a leading .. to exit above the top directory.
when I try to save a picture to the server, I use the line:
fupPicSummary.PostedFile.SaveAs(Server.MapPath(@"../Pictures/summary_" + campaign.ID + ".jpg"));
|
|
|
|