Journal WillAffleckUW's Journal: Using SFTP in a web page (really dumb question) 8
OK, so today I'm trying to write a web page to link a bunch of known files and transfer them to another location.
Due to HIPAA and VA rules this has to be a secure file transfer, encrypted.
When they get to our site, they have to login as a specific user. The user belongs to a group. The site forces HTTPS secure connection if they try to come in as HTTP.
So, normally, if I wanted to provide a link to a file I would go something like this:
Can I just use SFTP in place of FTP? Or if I specify FTP will it literally invoke FTP on the browser end? Since the entire thing is running under SSL2 for SSH is this just plain overkill?
Or am I just being extraordinarily clueless?
I ask, cause normally I write code that uses PHP and runs MySQL commands and literally builds the output files - CSV, XLS, etc - from scratch, and sets the transfer type and authentication level. But this is so primative - a literal ONE FILE TRANSFER LINK - that I can't remember what to do, as the last time I did something like that, not using FOPEN() and scanning a dir and popping an array and building stuff was like ages ago in Internet time, and back then we used FTP.
THANKS!
ok, so I think I may have an answer (Score:1)
Just going thru all the W3C web stuff I get "These functions are meant for detailed access to an FTP server. If you only wish to read from or write to a file on an FTP server, consider using the ftp:// [ftp] wrapper with the Filesystem functions"
As I'm reading it, it seems to be saying, based on some other areas, that since we're already running under HTTPS (secure SSL HTTP), the browser invocation of FTP will be in a secure instance and you can just use the "ftp://" invoke directly in an anchor tag, and it will
Re: (Score:2)
Thanks for the update on what you found. I was about to try it and pull out a sniffer. I still may just to see exactly how the protocol works. To wet to weed-eat the yard anyway.
Re: (Score:1)
Thanks, it would be useful to hear what you found
Re: (Score:1)
yes, but we have all our servers set up to take any ftp or http request and turn it into an ftps or https. Seriously, when you come in on a raw http: feed it turns into an https: feed and so on.
As to ports, we don't use the defaults.
Re: (Score:1)
Also, my "client" is the VA, they have no control over their physical boxen.
Final answer is, just link the raw files (Score:1)
So, given it is running HTTPS with specific user name and specific login and in a specific directory, just provided a direct file link which shipped it over the connection and the browsers invoked the XLS and CSV translator programs they were specified to use, from which they were prompted to save.
Geesh, that was too simple. I was thinking I'd have to specify it.
Guess not.
By the way, yes, our server runs under a credential that is NOT public. Makes us semi-invisible.