
FTP layer in File helper?

Discussion in 'XenForo Development Discussions' started by Cheesegrits, Apr 15, 2013.

  1. Cheesegrits

    Cheesegrits Active Member

    Are there any plans to add an optional FTP layer to the XF file helper?

    By which I mean something similar to Joomla's ftp layer, which the admin can optionally enable, with configurable credentials. If enabled, the J! file API then drives an ftp session to localhost rather than using native PHP file system calls.

    This would enable sites to remove the requirement for the web server to have write access on the XF web content, for any code that uses the file helper. In J!, this includes the auto-updater and installer.

    In XF, I'm thinking specifically of addons like the advanced installer, where people are advised just to give their web server write access to XF. Which to me just sounds like a security disaster waiting to happen. Giving the web server write access to PHP files it can then execute is not a Good Thing <tm>. It feels like I'm back in vB land, with "make sure the following folders are set to 777 ..."

    -- hugh
  2. Chris D

    Chris D XenForo Developer Staff Member

    I can categorically say I do not recommend nor do I advise people on taking this action. My advice is ALWAYS to speak to someone who understands the risks and how to mitigate them before having their server configured to use my add-on.

    If people choose to go against this advice it is up to them.

    You may not have been suggesting that I personally advise that, but I just wanted the point to be clear to avoid confusion.
  3. Cheesegrits

    Cheesegrits Active Member

    I perhaps phrased that incorrectly.

    What I should have said is, in order for addons like yours to work, the web server has to have write access to any folders it needs to create content in, and on any files it needs to update. Whether you "advise" people to set their servers up that way or not isn't really relevant. That's how the server has to be set up in order for your addon to work, by uploading a ZIP and installing the 'upload' content into the file system, using native file handling.

    Please note that I'm not criticizing you. This is an age old problem with any kind of CMS. And so far the only "safe" option has been for the CMS to provide an optional ftp layer, so an admin can then opt to give write access to the ftp layer user, not the web server user, on the file system.

    XF hasn't done this yet, because they don't need to. For the very reason you wrote your addon. They require file system content to be uploaded via ftp, rather than writing it themselves from the installer. And I'm sure they did this for both security and system setup reasons, as it would have been trivial for them to implement an installer that uploaded, unpacked and installed a ZIP. But this would have run into the same issues you often see on your addon page, where systems set up securely won't work like that.

    All I'm saying is, I'd like to see XF provide an ftp layer, so any addon which needs to insert content into the file system (anywhere outside a 777 tmp dir) will just transparently work in either mode, depending how the admin has the system configured. You wouldn't have to change anything about your code, you'd just carry on calling the XF file helper. Internally the helper would then use localhost ftp instead of native PHP file handling calls.

    -- hugh
  4. Cheesegrits

    Cheesegrits Active Member

    I just want to stress that I am in no way putting you down, or saying you are doing anything wrong. Re-reading my original post, I can see that the way I used "being advised" was not the right way to put it. You aren't doing anything wrong.

    I use your addon on my local test servers, and it makes the process of sandbox testing of various addons much easier. I've been using similar mods on vB since the first version of APM. I just won't run them on a production server, unless I have easy enough access to change the file system permissions on the fly, relaxing them only when I need to install something, and tightening up again after.

    Part of what I've been doing for a living for quite some time (since before the Interwebz) is managing servers, providing server support, and helping diagnose and fix hacking attacks. I'd say about two thirds of the hacks I've dealt with involved this exact issue, with a system service having write and execute access on its own content.

    BTW, here's an example of J!'s abstraction, their JFile class. Good example is the JFile::write(), which as you can see does the write through either streams, ftp or native methods depending on the global config.


    I'd like to see something similar in XF, so we avoid the whole issue of "make sure it's 777" for any addon needing to write content to the file system.

    -- hugh
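
The switchable write path discussed in this thread, as an added example (not XenForo's or Joomla's code, and not posted by anyone in the thread). The `FileWriter` class, its config keys and the use of PHP 8 syntax are assumptions made for illustration:

```php
<?php
// Added illustration; not XenForo or Joomla code. The class name, config
// keys (ftp_enable, ftp_host, ...) and root paths are hypothetical.
final class FileWriter
{
    /** @param array $cfg keys: ftp_enable, ftp_host, ftp_user, ftp_pass, ftp_root, fs_root */
    public function __construct(private array $cfg) {}

    public function write(string $relPath, string $data): bool
    {
        // Reject absolute paths, backslashes and ".." before either backend runs.
        if ($relPath === '' || $relPath[0] === '/' || str_contains($relPath, '\\')
            || preg_match('#(^|/)\.\.(/|$)#', $relPath)) {
            throw new InvalidArgumentException("unsafe path: $relPath");
        }
        return empty($this->cfg['ftp_enable'])
            ? $this->writeNative($relPath, $data)
            : $this->writeFtp($relPath, $data);
    }

    // Native mode: succeeds only if the web server user can write the target.
    private function writeNative(string $relPath, string $data): bool
    {
        $target = rtrim($this->cfg['fs_root'], '/') . '/' . $relPath;
        return file_put_contents($target, $data, LOCK_EX) !== false;
    }

    // FTP mode: the write runs as the FTP account, so the web server user
    // needs no write permission on the application's own files.
    private function writeFtp(string $relPath, string $data): bool
    {
        $conn = ftp_connect($this->cfg['ftp_host'] ?? '127.0.0.1', 21, 10);
        if ($conn === false) { return false; }
        try {
            if (!@ftp_login($conn, $this->cfg['ftp_user'], $this->cfg['ftp_pass'])) { return false; }
            ftp_pasv($conn, true);
            // Stage the payload in a memory stream so nothing touches local disk.
            $tmp = fopen('php://temp', 'r+');
            fwrite($tmp, $data);
            rewind($tmp);
            $remote = rtrim($this->cfg['ftp_root'], '/') . '/' . $relPath;
            $ok = ftp_fput($conn, $remote, $tmp, FTP_BINARY);
            fclose($tmp);
            return $ok;
        } finally {
            ftp_close($conn);
        }
    }
}
```

The FTP credentials live in configuration that the PHP process can read, so the separation holds only as far as that file and the localhost-only FTP service are protected.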
