Results 1 to 4 of 4

Thread: Publishing to FTP Server, saving login details for application update?

  1. #1

    Thread Starter
    Junior Member
    Join Date
    May 2015
    Posts
    17

    Question Publishing to FTP Server, saving login details for application update?

    Hi guys,

    just wondering if there is an easy way to save ftp login details for when publishing a application so they are embedded / saved within the application?
    I am having an issue where when the app tries to check for updates upon startup and it cannot login due to no username/password provided.

    I'm talking about the check for updates in the publish wizard, if that makes sense.

    Thanks!

  2. #2
    Super Moderator jmcilhinney's Avatar
    Join Date
    May 2005
    Location
    Sydney, Australia
    Posts
    110,913

    Re: Publishing to FTP Server, saving login details for application update?

    Moved from VB.NET to Application Deployment.
    Why is my data not saved to my database? | MSDN Data Walkthroughs
    VBForums Database Development FAQ
    My CodeBank Submissions: VB | C#
    My Blog: Data Among Multiple Forms (3 parts)
    Beginner Tutorials: VB | C# | SQL

  3. #3
    PowerPoster jdc2000's Avatar
    Join Date
    Oct 2001
    Location
    Idaho Falls, Idaho USA
    Posts
    2,460

    Re: Publishing to FTP Server, saving login details for application update?

    Easy way? Probably not. Any saved credentials would need to be encrypted if you want them to be secure.

  4. #4
    PowerPoster wqweto's Avatar
    Join Date
    May 2011
    Location
    Sofia, Bulgaria
    Posts
    5,632

    Re: Publishing to FTP Server, saving login details for application update?

    Quote Originally Posted by j-servers View Post
    just wondering if there is an easy way to save ftp login details for when publishing a application so they are embedded / saved within the application?
    You can't.

    Suppose you encrypted your credentials really hard and then your app sends a request to ftp.myupdate.domain.com for new updates. The client can tweak C:\Windows\System32\drivers\etc\hosts file and point ftp.myupdate.domain.com to 127.0.0.1 localhost and install a simple logging ftp server which just saves user/password to a file on first request.

    If you try to use IP address directly for communications the user can sniff network traffic from their LAN card.

    If you somehow prevent network sniffing they can just open a debugger and dump your application memory to a file.

    The moment your EXE hits client machine all bets are off -- it can be dissected and any information extracted very easy.

    So you might as well think about allowing anonymous access to your ftp server or just move a notch to http/https for these updates.

    cheers,
    </wqw>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width