--
You received this message because you are subscribed to the Google Groups "Joomla! CMS Development" group.
To post to this group, send an email to joomla-...@googlegroups.com.
To unsubscribe from this group, send email to joomla-dev-cm...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/joomla-dev-cms?hl=en-GB.
In any case, is a good functionality, at least from the standpoint of being supported by JPlatform. For me, the CMS can even remove it, but is a loss do not have it in the framework.
--
You received this message because you are subscribed to the Google Groups "Joomla! CMS Development" group.
To view this discussion on the web, visit https://groups.google.com/d/msg/joomla-dev-cms/-/VjMlOtnx8JUJ.
Nick--
You received this message because you are subscribed to the Google Groups "Joomla! CMS Development" group.
To view this discussion on the web, visit https://groups.google.com/d/msg/joomla-dev-cms/-/2efdFyOIrWYJ.
It is often considered a better hosting arrangement to have suPHP available to help manage file permissions. Right or wrong, there tends to be an assumption that hosts who do not use suPHP also use other default/inexpensive/less than secure approaches that tend not to follow best industry practices.
On Thu, Jul 5, 2012 at 5:50 AM, Nick Weavers <nickw...@yahoo.co.uk> wrote:
I would be happy to test it.I am still intrigued by the claim that it is only needed for bad hosting providers. Can anyone elaborate?
Nick--
You received this message because you are subscribed to the Google Groups "Joomla! CMS Development" group.
To view this discussion on the web, visit https://groups.google.com/d/msg/joomla-dev-cms/-/2efdFyOIrWYJ.
To post to this group, send an email to joomla-dev-cms@googlegroups.com.
To unsubscribe from this group, send email to joomla-dev-cms+unsubscribe@googlegroups.com.
I would be happy to test it.I am still intrigued by the claim that it is only needed for bad hosting providers. Can anyone elaborate?
Nick
--
You received this message because you are subscribed to the Google Groups "Joomla! CMS Development" group.
To view this discussion on the web, visit https://groups.google.com/d/msg/joomla-dev-cms/-/UiXbUhhIkYIJ.
To post to this group, send an email to joomla-...@googlegroups.com.
To unsubscribe from this group, send email to joomla-dev-cm...@googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "Joomla! CMS Development" group.
To view this discussion on the web, visit https://groups.google.com/d/msg/joomla-dev-cms/-/bz7rFnDVvisJ.
Well, lets see... 18yrs using the net, and NEVER ONCE been hacked via FTP. Proper jails and firewalls & passwords prevent 90% of such vulnerabilities
Bear
On 7/5/2012 1:01 PM, Micheas Herman wrote:
On Thursday, July 5, 2012 3:50:00 AM UTC-7, Nick Weavers wrote:I would be happy to test it.
I am still intrigued by the claim that it is only needed for bad hosting providers. Can anyone elaborate?
FTP is as insecure as telnet and should not be used over untrusted networks like the internet.
If you are actively using the ftp layer over the internet to upload files it is a question of when, not if, your login credentials are lifted and malware uploaded to your site.
It is user friendly but very stupid. (sort of like not requiring ssl for login forms.)--
Nick
You received this message because you are subscribed to the Google Groups "Joomla! CMS Development" group.
To view this discussion on the web, visit https://groups.google.com/d/msg/joomla-dev-cms/-/bz7rFnDVvisJ.
To post to this group, send an email to joomla-dev-cms@googlegroups.com.
To unsubscribe from this group, send email to joomla-dev-cms+unsubscribe@googlegroups.com.
Hi Micheas, et al.,
Do you know if it would be relatively easy to implement FTPs into the
Joomla core?
http://en.wikipedia.org/wiki/FTPS
Kind regards,
Nick
>
> On Thursday, July 5, 2012 3:50:00 AM UTC-7, Nick Weavers wrote:
>>
>> I would be happy to test it.
>>
>> I am still intrigued by the claim that it is only needed for bad hosting
>> providers. Can anyone elaborate?
>>
>
> FTP is as insecure as telnet and should not be used over untrusted
> networks
> like the internet.
>
> If you are actively using the ftp layer over the internet to upload files
> it is a question of when, not if, your login credentials are lifted and
> malware uploaded to your site.
>
> It is user friendly but very stupid. (sort of like not requiring ssl for
> login forms.)
>
>>
>> Nick
>>
>
> --
> You received this message because you are subscribed to the Google Groups
> "Joomla! CMS Development" group.
> To view this discussion on the web, visit
> https://groups.google.com/d/msg/joomla-dev-cms/-/bz7rFnDVvisJ.
> To post to this group, send an email to joomla-dev-cms@googlegroups.com.
> To unsubscribe from this group, send email to
> joomla-dev-cms+unsubscribe@googlegroups.com.
Is there a need for it to be in the installer, other than writing the ftp information to configuration.php? Will any part of the initial installation break if it's not enabled right away? If not, I'm in favor of removing it from the there.
I personally don't use it, and can't remember if I ever have, but would be happy to help test it.
Best,
Matt
Sent from my phone that uses an open source operating system.
--
You received this message because you are subscribed to the Google Groups "Joomla! CMS Development" group.
To view this discussion on the web, visit https://groups.google.com/d/msg/joomla-dev-cms/-/N-58K3-OIToJ.
Is there a need for it to be in the installer, other than writing the ftp information to configuration.php? Will any part of the initial installation break if it's not enabled right away? If not, I'm in favor of removing it from the there.
I personally don't use it, and can't remember if I ever have, but would be happy to help test it.
Best,
Matt
Sent from my phone that uses an open source operating system.
On Jul 14, 2012 11:54 PM, "Nick Savov" <ni...@iowawebcompany.com> wrote:
We could at least eliminate it from the installer if there's a consensus. Right now that step comes even before the Admin login information and site details.
Kind regards,Nick
On Wednesday, July 4, 2012 5:11:31 PM UTC-5, Mark Dexter wrote:Well, I think we can safely say that there is a strong preference for--
keeping the FTP.
Now, is there anyone that is willing to help test this as we go
forward? That is the biggest challenge with keeping it. If a few
people can help test this, especially with the upcoming alpha and beta
releases, that would really help us to make sure it keeps working for
3.0. Thanks! Mark
You received this message because you are subscribed to the Google Groups "Joomla! CMS Development" group.
To view this discussion on the web, visit https://groups.google.com/d/msg/joomla-dev-cms/-/N-58K3-OIToJ.
To post to this group, send an email to joomla-dev-cms@googlegroups.com.
To unsubscribe from this group, send email to joomla-dev-cms+unsubscribe@googlegroups.com.
Am 15.07.2012 14:13, schrieb Matt Thomas:
Writing the configuration file.
> Is there a need for it to be in the installer, other than writing the ftp
> information to configuration.php?
Best regards
Rouven
--
You received this message because you are subscribed to the Google Groups "Joomla! CMS Development" group.
I may be confused but it seems that it is being proposed that to save an installer step I will now have to manually save the config file? Is that what I am reading here?Accidental configurations? Can you elaborate on what you mean by that please?How about not fixing things that aren't broken and leave it as it is. There are plenty of actual issues that need to be dealt with like all the bugs that need patches.There are plenty of servers out there that need this feature and it isn't really fair to remove it and make them jump through extra hoops for no reasons other than to save an installer step that clearly states you can most likely skip it.I don't agree with trying to force folks to do things your way especially when the FTP layer was added to reduce support needs and manually saving the config file will only add to support issues.Terry ArthurSent from my iPad
On Sun, Jul 15, 2012 at 9:47 AM, Rouven Weßling <m...@rouvenwessling.de> wrote:The installation will work fine without the FTP mode. As the last step you'll have to manually upload the configuration.php and of course you have to remove the installation folder manually.
On 15.07.2012, at 15:40, Matt Thomas wrote:
> That seems like a very compelling reason to keep it in the installer for users that need it then.
I'd guess the main motivation of removing it from the installation, besides code simplification, is saving one installer step and also discouraging the use of the FTP mode.
Agree. Those sites that need it are notified during the configuration.php save.
Might be worthwhile to remove the FTP step during install and also from the Global Configuration. Then, when people are prompted to manually save the configuration.php file, they could be linked to a wiki page that explains how to manually turn on the feature, when they would need it, warn them not to permanently leave credentials in the configuration file, etc.
That will reduce the accidental configurations that are certainly happening today and still leave the feature for now for those who need it. Probably reasonable that it be restricted to those who can jump through a few more hoops to use it. The live_site is another setting that is manually offered, so it could be treated like that.
Best regards
Rouven
--
You received this message because you are subscribed to the Google Groups "Joomla! CMS Development" group.
To post to this group, send an email to joomla-dev-cms@googlegroups.com.
To unsubscribe from this group, send email to joomla-dev-cms+unsubscribe@googlegroups.com.
--
You received this message because you are subscribed to the Google Groups "Joomla! CMS Development" group.
To post to this group, send an email to joomla-dev-cms@googlegroups.com.
To unsubscribe from this group, send email to joomla-dev-cms+unsubscribe@googlegroups.com.
The Installer Component (com_install) uses the JFile/JFolder system
which already abstracts the FTP layer by design. It wouldn't need any
modification should FTP functionality be removed, only the underlying
libraries would need the change.
A) Will FTP access be removed from the platform? (In other words, has that decision been made? And if so, when will it be removed?)
--
You received this message because you are subscribed to the Google Groups "Joomla! CMS Development" group.
Realistically FTP mode could be nuked almost everywhere without the
com_installer being impacted remotely, it'd only be a dead code path.
There certainly isn't a "step" in there beyond a simple prompt that
appears if FTP is configured without a username or password which
neatly reconfigures itself if it isn't necessary to be hidden (and
thus ignored if not available).
Can you be clear which FTP "step" you mean?
I am currently overhauling the J3.0 installer.It will simply only show the FTP config page if the configuration.php or root folder is not writable.The FTP settings will still be fully available in the global configuration.From the different reactions in this thread I don't think it is smart to remove the FTP settings completely yet. Maybe in Joomla 4.0? :)
--
You received this message because you are subscribed to the Google Groups "Joomla! CMS Development" group.
To view this discussion on the web, visit https://groups.google.com/d/msg/joomla-dev-cms/-/8XQc2tFGoqIJ.