Automatically set up FTP only accounts for accepting datafeeds
Hello,
I'm trying to create a website that will accept and process datafeeds, but with only a limited knowledge of PHP I have become unstuck rather quickly. I'm trying to make it so that people can register on our site and they will then be set up and sent their FTP log-in details automatically, but I am a little stuck as to how to do this. The plan is:
- Each new user request generates a new folder in an uploads directory. The folder name would be that person's unique id from the MySQL userid primary key.
- The FTP-only account, chrooted into that specific folder, is automatically created on the system (really stuck as to how to do this :confused:)
- Login details are automatically sent to the user
- A cron job scans each folder to see if new files have been added and processes the datafeed if a new file has been uploaded.
- At the end of the day another cron job moves all the files into an archive folder
I'm sure there must be a better way of doing this, so any help would be much appreciated! :)
Quote:
If you still want to go the "home brew" way, good luck, and here's some unsorted questions / comments for you:
- How do you verify any user input doesn't include chars you should exclude?
- How do you react to illegal input? Scrub or deny?
- What's the time between account creation and upload readiness?
- Do you detect "free" email providers and would that be a good thing?
- Do you detect username iterations? Should you?
- Do you intend to allow these services only over SSL? Why not?
- What's the maximum amount of files a user can dump on the system? Per file filesize? How do you check that? How often?
- Vsftpd allows you to create "virtual" users. A FTP-only account doesn't need an account on the system.
- Does processing the datafeed include a validity check? Why not?

I'll leave you with some links (from the LQ FAQ: Security references) that may or may not make for an interesting read:

Apache
- Web Security Appliance With Apache and mod_security (SF): http://www.securityfocus.com/infocus/1739
- Securing Apache Step-by-Step: http://www.securityfocus.com/infocus/1694
- Securing apache2: http://www.securityfocus.com/infocus/1786

Suexec
- Apache suEXEC Support: http://httpd.apache.org/docs/1.3/suexec.html
- HOWTO Install PHP with SuExec: http://gentoo-wiki.com/HOWTO_Install_PHP_with_SuExec
- HOWTO Install PHP as CGI with Apache's suEXEC Feature: http://archiv.debianhowto.de/en/php_cgi/c_php_cgi.html
- How to set up suexec to work with virtual hosts and PHP (+PHP +public_html patch): http://alain.knaff.lu/howto/PhpSuexec/

PHP
- PHP and the OWASP Top Ten Security Vulnerabilities: http://www.sklar.com/page/article/owasp-top-ten
- Top 7 PHP Security Blunders: http://www.sitepoint.com/print/php-security-blunders
- PHP Security Guide: http://phpsec.org/projects/guide/ (PHP Security Library: http://phpsec.org/library/)
- PHPsec.org Security Guide considered harmful: http://www.hardened-php.net/php_secu...armful.51.html
- PHP: Preventing register_global problems: http://www.modsecurity.org/documenta...r-globals.html
- Securing PHP Step-by-Step: http://www.securityfocus.com/infocus/1706
- PHP Security: http://www.onlamp.com/pub/a/php/2003...undations.html
- Security of PHP: http://www.developer.com/lang/article.php/918141 (PHP Foundations: http://www.onlamp.com/pub/ct/29)
- Auditing PHP, Part 1: Understanding register_globals: http://www-128.ibm.com/developerworks/library/os-php1/
- Hardened PHP: http://www.hardened-php.net
- Web application security: http://www.heise-security.co.uk/articles/84511

Checking PHP
- Pixy (Check cross-site scripting and SQL injection): http://pixybox.seclab.tuwien.ac.at/pixy/
- Exploiting Common Vulnerabilities in PHP Applications: http://www.securereality.com.au/studyinscarlet.txt

Application security testing
- Open Web Application Security Project (OWASP): http://www.owasp.org/index.php/OWASP...le_of_Contents
- Springenwerk Cross Site Scripting (XSS) security scanner: http://sourceforge.net/projects/springenwerk

BTW: if you think you needn't read those I can only wish you may live in interesting times.
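One way the cron-side scan from the plan could answer the "scrub or deny" and file-count/file-size questions raised in the reply, as an added example in Python that is not code from either poster. The function name `scan_uploads`, the limits and the reason strings are assumptions; the numeric folder names follow the userid-per-folder plan in the first post.

```python
import re
import tempfile
from pathlib import Path

# Assumed policy values; the thread does not state any limits.
MAX_FILES = 20
MAX_BYTES = 5 * 1024 * 1024
# Folder name must be a MySQL userid: digits only, no leading zero.
USERID_RE = re.compile(r"[1-9][0-9]{0,9}")


def scan_uploads(root, max_files=MAX_FILES, max_bytes=MAX_BYTES):
    """Return (accepted, rejected). accepted: files that may go to the feed
    processor. rejected: (path, reason) pairs to quarantine or report."""
    accepted, rejected = [], []
    for user_dir in sorted(Path(root).iterdir()):
        # Deny rather than scrub: never try to "repair" an unexpected name.
        if user_dir.is_symlink() or not user_dir.is_dir():
            rejected.append((user_dir, "not a real directory"))
            continue
        if not USERID_RE.fullmatch(user_dir.name):
            rejected.append((user_dir, "name is not a user id"))
            continue
        taken = 0
        for entry in sorted(user_dir.iterdir()):
            # is_file() follows symlinks, so test for a link first.
            if entry.is_symlink() or not entry.is_file():
                rejected.append((entry, "not a regular file"))
            elif entry.stat().st_size > max_bytes:
                rejected.append((entry, "file too large"))
            elif taken >= max_files:
                rejected.append((entry, "file count quota exceeded"))
            else:
                accepted.append(entry)
                taken += 1
    return accepted, rejected


if __name__ == "__main__":
    # Constructed sample tree, built in a temporary directory.
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "42").mkdir()
        (Path(d) / "42" / "feed.csv").write_text("sku,price\n1,9.99\n")
        (Path(d) / "not-an-id").mkdir()
        ok, bad = scan_uploads(d)
        print("process:", [p.name for p in ok])
        print("refuse:", [(p.name, why) for p, why in bad])
```

Only the accepted list is passed on for processing; the content of each accepted file still needs its own validity check before it reaches the database.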