"I thought CrushFTP was an FTP server...what is this WebInterface thing?"
This is a common confusion with CrushFTP. Quick bit of history. CrushFTP 1.0 and 2.0 were strictly FTP servers. CrushFTP3 provided HTTP upload capability and some rudimentary HTML customizations. CrushFTP4 brought about a full-scale WebInterface utilizing all the current technologies so that you can fully customize every aspect of it. It's not just an FTP server anymore.
The WebInterface allows users to access the files on your server with a web browser. They can download, upload, rename, delete, make directories, etc. All from a nice modern WebInterface. When they go to upload files to you, they get realtime feedback as to the speed of the transfer, a progress bar, and estimated time remaining. If you tried to do this without CrushFTP, you would have to have several custom PHP configurations, various config changes to your web server, PHP script files, and HTML / JavaScript. With CrushFTP, you double click on the application, and this is all immediately available without any other work. Talk about easy! And that's not all, there is also the CrushUploader that provides drag and drop support and compression for file transfers. Just keep reading.
"What makes CrushFTP's WebInterface special?"
First, let's talk about how customizable it is. Sure you can just enable it and go, but if you have someone who is up on their HTML standards, they can really go a long way with it. The layout of it, the color schemes, graphics & logos...everything can be modified. It just takes editing the XSL file and the changes take effect right away.
Uploading to the WebInterface is potentially faster than any other protocol. This is because it has a built-in CrushUploader that will zip the files you are sending on the fly. Say you have a folder with 100 images and text files in it (like a website). When you upload that with a normal FTP client, it has to send each file individually. If the file is big, things go as fast as your connection can handle. But when you start getting hundreds of small files, it can take a long time to upload each tiny file, as much of the time is taken by the setup of the transfer and not by the transfer itself. The CrushUploader allows you to drag and drop, copy and paste, or "Browse..." for the files to upload. You can then choose to upload them as a ".ZIP" or normal. If you're uploading a single large file, use "Normal", otherwise, you are probably better off using "Auto Zip". The "zip" feature doesn't make you wait while it builds a .zip file of your files before the upload starts. It zips directly to the CrushFTP server, no local files are ever made, and there is no delay before the upload starts. On my demo site, I have a folder with 400 files in it. It takes about 2 seconds to upload all 400 files. They are all small, but if they were uploaded "normally", then they would take close to 7 minutes! The zipping not only benefits multiple files being uploaded, but it also saves bandwidth, allowing you to upload bigger files in less time.
http://www.crushftp.com/demo.html
And it goes both ways. You can also select a folder, or several files to download and click the ".ZIP" button. You will get a single .zip of those items generated on the fly directly to you. Otherwise it could get pretty painful clicking on 400 items individually... Then simply decompress the .zip you downloaded and you have all the files you wanted!
The WebInterface supports resume downloads, and the CrushUploader supports resuming uploads as well.
"But if users are uploading .zip files, I have to decompress them before I can access them, right?"
Actually there is a built-in plugin to handle this called the "AutoUnzip" plugin. You can access it in the Preferences of CrushFTP. You set it up to decompress uploaded .zip files once they finish. So a user will upload a .zip, then CrushFTP will decompress it and delete the original file. It will all be transparent to you and the user. It's an end-to-end solution allowing for compressed fast transfers.
"What is WebDAV?"
WebDAV is another part of the WebInterface. If you have heard of Apple's iDisk, it is essentially WebDAV. You connect from the OS X Finder to a WebDAV server and can mount it just like any other server on your desktop. You can read, and write to it, open files and edit them directly. So there is no need to use a web browser, or an FTP client. You can't get any more integrated or natural feeling to your end user than that. Check out the WebDAV server on my demo site to get a feel for how it works.
Easy to Configure!
And best of all, both WebDAV and the WebInterface run on one single port. No complex router / firewall configurations. Simply open up one port (default is 8080) for HTTP/WebDAV, or for SSL HTTPS / SSL WebDAV (default is 443). No issues with "passive" ports. Additionally, from a server standpoint, you can monitor what your users are sending you better. FTP doesn't allow for the FTP client to tell you how big a file is being sent. WebDAV and the WebInterface do! So you will see estimated time remaining telling you how long you have to wait before the upload is complete!
Saturday, March 10, 2007
WebInterface Changes and Security Issues
Goodbye template.html
As of CrushFTP 4.1, there won't be any real "html" templates anymore. CrushFTP 4.1 uses XML and XSLT to generate the entire web interface allowing it to be completely customizable. All the data is provided in the XML, all you need to do is just decide how you want it formatted. The XML is then rendered either server side or client side to HTML to display.
As a result, the template.html file is now gone. One single file provides the WebInterface, template.xsl. You can make copies of it and individualize it for your various needs. Each user can have their own dynamic customized WebInterface. Easily incorporate your company's logos and CSS styles. The CrushFTP logo is provided as a template, but you don't need to keep it there. Simply replace the logo.gif with your own file and brand the WebInterface to your liking.
Security
A little about security. If you're using HTTP for logins, you run the risk that someone could be watching your network traffic and gain access to your user and password for the server. So if this is something you're concerned about, CrushFTP can do HTTPS as well. As it "ships", HTTPS is configured on the default port of 443. So if you point your browser to "https://your_ip/" you will be asked about a certificate not being valid. Click continue and you can then log in. Everything is then encrypted and secure.
Self Signed Certificate
The warning about the certificate is because the certificate hasn't been issued by a certificate authority. That costs a minimum of around $70 per year for an SSL certificate. What would it provide for you? If you are worried about someone hijacking your connection and providing their own CrushFTP instance with their own certificate generated that looks like yours...then you could be compromised. If you're not the government or some kind of banking site...you probably won't have that concern. I can come up with far-fetched scenarios where it could happen, but it's pretty unlikely it would.
Anonymous Access
If you create an account named "anonymous" then no user/pass will be asked when a user connects to CrushFTP. Anonymous is just like any other account in CrushFTP, except it accepts any password. There is a link on the WebInterface allowing a user to "login" to see their files. I highly recommend you never give "anonymous" upload rights. An example for an anonymous account is how you downloaded CrushFTP from me. I provide anonymous access to the CrushFTP applications for anyone to download. Never think that because you didn't give your IP out to anyone that that makes you secure. Just be safe and only give the "anonymous" user access to files you truly wouldn't mind anyone having. If you don't make a user named "anonymous" then you have nothing to worry about.
Wednesday, March 7, 2007
Upcoming Features
Let's get some feedback...
I've been busy working on some upcoming features in CrushFTP. I'm always looking for feedback, and it's your feedback that helps shape how I go about implementing new features. My to-do list is never ending as I keep adding to it with users' feedback.
Help me get some priorities on what you are most interested in.
CrushPGP - Plugin that makes all file listings end in ".pgp". Requesting one of these files results in the file being encoded / encrypted and streamed to the end user. When SSL isn't enough, maybe this is just the security you need. The private key used to encrypt files can be set on a per user basis. So you can have individual accounts that encrypt files differently in PGP. It's a reverse of the private / public key mentality. Some banks use this to ensure (if you trust the bank) that files being sent from them can only be read by someone who holds your public key. In this case...both keys are "private" as you keep them both secure.
This plugin will be one of my more complex plugins...so it will take a day or two to code.
File Filtering for WebDAV Email Events
Ever notice when you upload with the Finder, your email notification states something like:
test.tst 0 bytes
._test.txt 500k
That's because the Finder uploads the file as the hidden file, then renames and swaps the files before deleting the originally named item. It keeps someone from potentially trying to access the file while it's in progress. It however makes the email reporting confusing!
I plan on creating some logic in CrushFTP 4 that will follow renames with uploads so the resulting email notification would contain only the files that were uploaded (with their final name after it was renamed) and none of the "." items that were uploaded, or items that were uploaded and immediately deleted.
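The rename-following logic described above can be sketched as follows. This is an added example, not CrushFTP's own code: the event tuple format, the function name `final_uploads` and the sample session are assumptions constructed from the Finder behaviour the post describes.

```python
import posixpath

# Constructed sample session: a Finder-style WebDAV upload of test.txt,
# a stray dot file, a file uploaded then immediately deleted, and a plain upload.
SAMPLE_EVENTS = [
    ("upload", "/in/test.txt", 0),
    ("upload", "/in/._test.txt", 512000),
    ("rename", "/in/test.txt", "/in/.old_test.txt"),
    ("rename", "/in/._test.txt", "/in/test.txt"),
    ("delete", "/in/.old_test.txt"),
    ("upload", "/in/.DS_Store", 6148),
    ("upload", "/in/scratch.tmp", 10),
    ("delete", "/in/scratch.tmp"),
    ("upload", "/in/report.pdf", 2048),
]


def final_uploads(events):
    """Collapse upload/rename/delete events into {final_path: size}.

    Only content that was uploaded in this session and still exists at the
    end is reported, under its final name; dot files are left out.
    """
    live = {}  # current path -> size of content uploaded in this session
    for event in events:
        action, path = event[0], event[1]
        if action == "upload":
            live[path] = event[2]
        elif action == "rename":
            dest = event[2]
            if dest == path:
                continue
            # A rename replaces whatever was at the destination, including
            # an earlier upload that should no longer be reported.
            live.pop(dest, None)
            if path in live:
                live[dest] = live.pop(path)
        elif action == "delete":
            live.pop(path, None)
        else:
            raise ValueError(f"unknown event type: {action!r}")
    return {
        path: size
        for path, size in sorted(live.items())
        if not posixpath.basename(path).startswith(".")
    }


if __name__ == "__main__":
    for path, size in final_uploads(SAMPLE_EVENTS).items():
        print(f"{posixpath.basename(path)} {size} bytes")
```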
Better Update Mechanism
So it's no secret the update mechanism isn't really holding up as well anymore. It still works, but is far from ideal. Besides loading my main server more than needed, it's slow for you...the real user of it! The next version of the update mechanism will only update files that have changed, and will transfer everything in a .zip. One single file to download.
Running CrushFTP behind Apache
CrushFTP 4.1 now supports running CrushFTP behind Apache. This means that your main server will still be your main server. A path on your server will be "reverse proxied" to CrushFTP. So when users go to: http://www.yourdomain.com/files/ they will get the CrushFTP WebInterface instead. ('/files/' is just an example...you can make it what you want.) It only takes a couple config entries in your Apache config, and telling CrushFTP what "path" you have set, and the rest is handled for you. No need to open multiple ports as everything can come across on one port as well (80).
Have you seen my new plugins?
Just wrote a few new plugins. These include:
OSXNetInfo - integrate CrushFTP with OS X accounts (this includes OS X Server accounts)
AutoUnzip - Automatically decompress those .zip files users are uploading. Makes for an end-to-end solution. The CrushUploader automatically zips files when they upload them, and the AutoUnzip plugin can automatically unzip them as they arrive.
PreferencesController - Lets you specify times of the day that specific configurations of the CrushFTP server are active. This means you could for example throttle bandwidth during the day, and let it loose in the evenings! Some other uses might be enabling certain plugins at different times, or disabling FTP access at specific times. Use the plugin to make a "snapshot" and that config will be used when the specified time arrives.
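For the AutoUnzip step described here and in the earlier post, where uploaded .zip files are decompressed on arrival, the following added example shows the checks an automatic unzip of user uploads calls for: every entry must resolve inside the upload folder, and total size is capped. It is not the plugin's code; `auto_unzip`, `UnsafeArchive`, `build_zip` and the size limit are assumptions for illustration.

```python
import io
import os
import stat
import zipfile


class UnsafeArchive(Exception):
    """Raised when an uploaded archive must not be auto-extracted."""


def auto_unzip(archive, dest_dir, max_total_bytes=50 * 1024 * 1024):
    """Validate every entry first, then extract; returns extracted relative paths."""
    root = os.path.realpath(dest_dir)
    plan, declared = [], 0
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            name = info.filename.replace("\\", "/")
            target = os.path.realpath(os.path.join(root, name))
            # "../x" and absolute names resolve outside the upload folder.
            if os.path.commonpath([root, target]) != root:
                raise UnsafeArchive(f"entry escapes upload folder: {info.filename!r}")
            if stat.S_ISLNK(info.external_attr >> 16):
                raise UnsafeArchive(f"symlink entry: {info.filename!r}")
            declared += info.file_size
            if declared > max_total_bytes:
                raise UnsafeArchive("declared size exceeds limit")
            plan.append((info, target))

        written, extracted = 0, []
        for info, target in plan:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                # Count real bytes too: the size in the header is uploader-supplied.
                while chunk := src.read(65536):
                    written += len(chunk)
                    if written > max_total_bytes:
                        raise UnsafeArchive("extracted size exceeds limit")
                    dst.write(chunk)
            extracted.append(os.path.relpath(target, root))
    # Deleting the original .zip is left to the caller, only after success.
    return sorted(extracted)


def build_zip(entries):
    """Constructed sample input: build an in-memory .zip from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()
```

Because validation runs over the whole archive before the first write, an archive with one bad entry leaves nothing behind in the upload folder.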
Plugin Updates
The HomeDirectory plugin now has the option to put users in a new folder daily, hourly, whatever. You could use this to have a "rolling" folder where every day users get a new folder to upload into. Once the day changes, their previous day's files are no longer accessible.
The CrushLDAP plugin also has been expanded to work with more LDAP servers. LDAP still ain't easy...but at least you have the options to configure it now.
I've got a lot of other features planned, some bigger than others. This is a good start to future posts I'll be making explaining things you can do with CrushFTP 4. Feel free to email me directly as well. I'm just getting started...:)