Sannyasin Brahmanathaswami wrote:
> If using
> sftp://username:password@mydomain/sompath/somefile.ext
> is the user name and password "sniffable"
>
> I am under the impression it is not as SFTP encrypts *before* sending
> out the pipe.
>
> Is that understanding correct?
Yes, that's the key benefit of SFTP and FTPS over the older FTP, since
the latter is effectively handing control of you server over to any
man-in-the-middle.
FTPS works similarly to HTTPS, and requires an SSL certificate on the
server. SFTP uses SSH, and does not requires a cert. The differences
are summarized here:
<https://www.howtogeek.com/194740/what-is-the-difference-between-ftps-and-sftp/>
But either will establish a secure channel with the server before
negotiating login.
One challenge with either is that unless you use shared SSH keys with
SFTP (suitable only for admin tasks), they require embedding login
credentials in code. LC's script encryption isn't bad, but it's
generally good practice to avoid embedded passwords whenever practical
(everything is crackable, sometimes we forget to encrypt a stack, etc.).
Given that, and the general inefficiency of FTP for cases where you just
want to move data from client to server, more commonly that need is
addressed with an HTTP API on the server, which can be done with any
server process that allows scripting, including PHP, Perl, Python,
JavaScript, or a LiveCode Server CGI, as described here:
<http://lessons.livecode.com/m/4070/l/40708-how-to-upload-a-file-with-livecode-server>
FTP is great for ad hoc access to server files, like when you need to
navigate among files, etc. But there are better tools for most other
use-cases, like rsync and scp for admin tasks and HTTP for most
non-admin tasks.
--
Richard Gaskin
Fourth World Systems
Software Design and Development for the Desktop, Mobile, and the Web
____________________________________________________________________
ambassa...@fourthworld.com http://www.FourthWorld.com
_______________________________________________
use-livecode mailing list
use-livecode@lists.runrev.com
Please visit this url to subscribe, unsubscribe and manage your subscription
preferences:
http://lists.runrev.com/mailman/listinfo/use-livecode
