Your Daily Source for Apache News and Information  
Breaking News Preferences Contribute Triggers Link Us Search About
Apache Today [Your Apache News Source] To internet.com

Security, Privacy & Building Trust for Online Business

Apache HTTPD Links
The Apache FAQ
The Jakarta Project
Apache Module Registry
Apache Project
The Apache Software Foundation
Apache XML Project
Apache-Perl Integration Project
The Java Apache Project
PHP Server Side Scripting
Apache-Related Projects
ApacheCon

  internet.com

Internet News
Internet Investing
Internet Technology
Windows Internet Tech.
Linux/Open Source
Web Developer
ECommerce/Marketing
ISP Resources
ASP Resources
Wireless Internet
Downloads
Internet Resources
Internet Lists
International
EarthWeb
Career Resources

Search internet.com
Advertising Info
Corporate Info
File transfer options -- Part I: Secure iXplorer
Jan 12, 2001, 22 :39 UTC (2 Talkback[s]) (8404 reads) (Other stories by Jeremy C. Reed)

By Jeremy C. Reed

I have had websites hosted on remote servers that also hosted thousands of other sites. And I have ran and managed various webservers hosting hundreds of domains. Plus a lot of my consulting work included installing CGIs and webpages on a variety of servers. Probably over 99-percent of these experiences involved the Apache webserver -- but that's not what this article is about. Also around 99 out of 100 times, the only file transfer method available was ftp.

Over the past few years, I have heard more and more about not using telnet -- and to use ssh instead. And in the past couple years, several operating systems -- which previously ran telnet servers by default and did not even include secure shell servers -- now have secure shell servers installed by default and telnet daemons disabled.

But as far as I have seen, most web hosting providers continue to offer ftp as the only way to upload files. Like telnet, ftp passes usernames, passwords and other data in plain text. In other words, it is not a good idea. I have a feeling that many web hosting providers either don't care -- or they feel that secure transfer alternatives are not an easy option for their customers.

This is the first-part in a series of articles about different options for secure file transfers. I won't cover how to sniff connections, steal passwords or if SSH is really "secure". But hopefully, I can provide some information that will be valuable for your web hosting clients and for you -- the Apache webserver administrators. This first article covers a file transfer client for the end users -- it requires a secure shell server to be installed on the web server.

Secure iXplorer 0.8 for Windows

Yes, Secure iXplorer is for Microsoft Windows. Basically, iXplorer is a Microsoft Explorer-like, graphical front-end to a modified pscp, which is a text-based (DOS) scp client for Windows. (Pscp is from the same author of the popular PuTTY SSH client).

iXplorer seems to be a great option for Windows-only "webmasters" who need to upload files. And as an added bonus, it is open source -- the code is available. It was written in Delphi by Lars Gunnarsson of Austria and is available via http://www.i-tree.org/. It was officially released as version 0.3 in September 2000 and it has had active development the past several months with updates, bug fixes and improvements.

Source code and binaries are also available for an older and simpler dialog box-based front-end to pscp called PSCopy. Gunnarsson says that the internal concept stayed the same between PSCopy and Secure iXplorer, but the user interface is completely different.

Installation

It had been several months since I had last used Windows, but while I installed and used this program I didn't have any problems. When unzipping the download, make sure you unzip it into an empty directory or it will extract all the files into the current directory. (In my review, I just used the pre-compiled binary download.)

Then run the setup program which uses the familiar (to Windows users) InstallShield process. It should show you the license: it is GPL, plus it includes a variety of other code with other licenses (or freeware), but all appear to be free.

By default, it installs to "C:\Program Files\i-tree.org\Secure iXplorer\; this location will have the iXplorer executable and the modified pscp. Also it places an iXplorer shortcut in the Start menu. You should be able to delete the unzipped files once it installs.

Secure iXplorer

The Secure iXplorer interface opens up with several panes: on the right it has the local computer's directories and files and the left side is for the remote end.

No help documentation is included, but it is easy to use and self-explanatory. The toolbar includes several icons and a few menu items for doing tasks like adding or removing a SSH host entry, copy and paste from SSH host or local computer, creating a new local directory or changing the view file listing style (large icons, small icons, list or details).

Configuration

To get started, add a remote SSH host. Choose a display name to be listed on the left side (it should be unique -- I just used the host name), your SSH login username and the SSH hostname. Plus it has additional options like setting the default directory for the local computer, SSH port number and preserving file permissions/attributes.

You can also change the host configuration by right-clicking on the display name and choosing properties.

If you need to do some troubleshooting (or if you are just curious), you can uncheck the "Hide Console" checkbox so a DOS console window will pop up showing the pscp commands.

It also has a test option -- which I used with a bogus password and I received a "No response from host: SSH Host Timeout" pop-up window. And when I tried to login by clicking the new host entry (on the left window pane) and entering a bogus password again, then a separate DOS window opened up running pscp. Then it closed and I received an error again.

Secure iXplorer configuration

Using Secure iXplorer

When logging in (by clicking the host display name) for the first time, it prompts you for a password. And then a "New Host" pop-up window prompts you: "This host's host key is not cached in the registery. Do you want to add it to the cache and carry on connecting?" (Just to try new different options, I chose "no" and an error still popped up.) Also, the console mode automatically becomes enabled when it asks about the new host key.

When logging in with the correct password (and console was enabled), the DOS window said:

Logging in as "reed".
Sending command: ls -ls '.'

To transfer a file or directory (with contents) simply click and drag it to the the other window pane. Or you can copy files and then click paste on the other end to transfer. You can highlight and transfer several files at a time.

When transferring files with console enabled, the DOS window will show something like:

Logging in as "reed".
Sending command: scp -v -r -f flik.tiff
Sending file modes: C0644 921776 flik.tiff
A display at the bottom of the Secure iXplorer window shows transfer status, such as percentage transferred, how long it took or approximately the amount of time left and a bar showing progress. Plus the window pane at the bottom displays the filenames being transferred and to what user and host they are going to.

Because the status display shows the user and host name, I thought I could highlight files on different hosts to do simultaneous transfers. But when I clicked on one file on one host, iXplorer forgot the previous selection.

Nevertheless, you can start the transfer of one file and then start dragging-and-dropping additional files to add them to the transfer queue. You should be able to cancel queued files by right-clicking on them.

Secure iXplorer doesn't have any cancel button and you can't cancel a current transfer. But if you have the DOS window open, then you can try closing it (you'll receive an error) to try stopping the transfer. (If you know the Delphi API for finding the handle of the hidden DOS window, please let Gunnarsson know; he says then this can be implemented very easily.)

If you need to refresh the file listing view, press your F5 function key -- and pscp will do another "ls -la".

You can also configure the amount of seconds before a connection times out. It is not a real SSH connection, but just for use by iXplorer. You may want to boost the number of seconds above the default 15, so your connection will not be forgotten between tasks. When it times out, the files still are displayed, but clicking on them does nothing (and you don't receive any messages). This could be confusing. To get reconnected, simply select your host connection in the far left pane.

iXplorer stays running even when you close the window -- it is available via the Windows taskbar desktop tray. iXplorer remembers past settings when you reopen it and it shows the same files and directories as before. Plus you can transfer new files without entering a password again.

To have it really forget your password (so you will be re-prompted when you start it again), simply right-click the iXplorer icon on the desktop tray and exit it. (The Secure iXplorer webpage says that the password is not stored anywhere.)

Secure iXplorer lacks various features that are included with many ftp programs, such as view file, get directory as tar file, resuming transfers, ASCII text conversions, setting default remote directory, setting file attributes, sending custom commands to the ftp server, and deleting directories. Plus it doesn't do logging of transfer details.

I also found it inconvenient that you can't delete or move files on the remote host. The widget (or whatever Delphi calls it) lets you edit the filenames viewed from the remote host, but it doesn't really rename them. (You can work with files on the local system by simply right-clicking on them.)

Like normal ftp, it will overwrite files when you upload (in other words, it doesn't prompt to warn you).

A nice feature I'd like to see implemented is the capability to transfer files from one remote server to another remote server.

Conclusion

Gunnarsson has a variety of plans for improving Secure iXplorer to give it more functionality. I feel there is a lot of potential for this open source application and I believe it can become a complete replacement for ftp. Gunnarsson says he would be delighted if others participated.

For your reference, the remote SSH servers I tested were running OpenSSH 1.2.2 under Debian Linux 2.2, SSH 1.2.27 under NetBSD 1.5 and NetBSD Secure Shell 20001003 under NetBSD 1.5.

I didn't use Secure iXplorer with an environment where the ssh server was configured with "PasswordAuthentication no" and "RSAAuthentication yes". I did try it, but a DOS window repeated "Access Denied" numerous times; then a pop up window said "SSH Host Timeout" and then the DOS window never closed.

Secure iXplorer -- even though it lacks a bunch of useful functionality -- is a good alternative to ftp for uploading webpages. With its standard Windows interface, it shouldn't scare windows-only users.

In future articles, I'll review some more GUI-based file transfer programs and ideas. Some I may look at include Secure FTP and using web-based interfaces for uploading and managing files (maybe via the "multipart/form-data" encoding type post method). If you know of any good, easy-to-use, open source file transfer tools (for any platform) or if you have any advice, experience or opinions, .


Related Stories:
PHP Tutorial: Using ADODB to port your MySQL code (Dec 17, 2000)
OpenACS available on Apache(Dec 11, 2000)
PHPBuilder: Open Source Databases: As The Tables Turn(Nov 23, 2000)
The Perl You Need to Know: Personalization Methods Part 2(Oct 27, 2000)
Oracle Introduces Oracle 9i Application Server(Oct 02, 2000)
LinuxProgramming: Oracle Shows Microsoft How a 600-pound Gorilla Ought to Behave(Aug 10, 2000)
PHP on Apache: The Definitive Installation Guide(Aug 09, 2000)
PRN: Oracle Releases Oracle Internet Application Server 8i(Jun 28, 2000)

  Current Newswire:
perl.com: mod_perl in 30 minutes

Sun to allow open source Java implementations

SECURITY: Vulnerability in Apache for Win32 batch file processing

WebReference.com: mod_perl Developer's Cookbook

mod_l33t added to Apache Module Registry

Linux Easy Installer - Security Fixes

Daemon News: Jakarta-Tomcat on FreeBSD 4.4

Moto, a compilable server-side scripting language

SECURITY: Flaws Found in PHP Leave Web Servers Open to Attack

Everything Solaris: Apache: Handling Traffic

 Talkback(s) Name  Date
Dear Sirs:I currently use ixplorer, but i find that i cant reach parent director ...   parent directories   
  Sep 22, 2001, 00:46:40
For access to all server directories, right-click on the remote host icon, selec ...   Re: parent directories   
  Dec 10, 2001, 20:10:49
Enter your comments below.
Your Name: Your Email Address:


Subject: CC: [will also send this talkback to an E-Mail address]
Comments:

See our talkback-policy for or guidelines on talkback content.

About Triggers Media Kit Security Triggers Login


All times are recorded in UTC.
Linux is a trademark of Linus Torvalds.
Powered by Linux 2.4, Apache 1.3, and PHP 4
Copyright 2002 INT Media Group, Incorporated All Rights Reserved.
Legal Notices,  Licensing, Reprints, & Permissions,  Privacy Policy.
http://www.internet.com/