FlashFXP Forums - View Single Post - version 1.x authentication? certificate based?

ganymede · 07-20-2005, 02:58 AM

i cant say i agree with you on that darkone, you cant put an ip on a disk and give it to someone. certs are movable fullstop. to get someones ip you have to hack and install proxy or hack a router along the way.... the chances of hacking a router well... not many people will do that. if they hack your pc they going to steal your certificate anyways.

i think the bottom line is that this is functionality that almost every decent FTP server has and now its being removed because its so called obsolete - not true.

Furthermore many people are going to migrate to something that does have this functionality... i dont think an external script should be doing something that has evolved to be core functionality and in this present age vital functionality.

My biggest question is that why remove it? i mean people can turn it off so easily.... *!* :P your decreasing the functionality list of your own product! - here is a brilliant example of why certificates might not work... let say we have a company who by policy only want their staff to access their ftp from specific company locations(ips) using their login.... ? hows a certificate going to help you? its not...

now the obvious comeback to the above situation is get a script - thats not the obvious solution to someone who is paying. to someone paying its get a product that meets my requirements.

i think from a business point of view this is a mistake, the proposed solution sounds great. But in actual fact we are trading an apple for an orange - replacing something that does one thing by something that does another.....

i know i sound biased but to be honest i dont even use ip checking because everyone i know is on dial up we have shit lines and funny ranges in south africa - however a lot of people i know do and they think its essential. The only reason iam raising flags now is because i have been developing a .NET version of a HTTP web administration tool and get a lot of feedback from various friends etc who simply wont run it without without ip checking - and realistically what SiTEOP would install io without it.

PS - one thing that pisses me off and seems to happen a lot nowdays is as software developers release new versions of their software and 'upgrade' certain features by removing others they forget that there are people who only bought the product for the feature that was removed - which goes back to an earlier point what harm is there to leave it in.

07-20-2005, 02:58 AM
ganymede Member Join Date: Dec 2004 Posts: 46	i cant say i agree with you on that darkone, you cant put an ip on a disk and give it to someone. certs are movable fullstop. to get someones ip you have to hack and install proxy or hack a router along the way.... the chances of hacking a router well... not many people will do that. if they hack your pc they going to steal your certificate anyways. i think the bottom line is that this is functionality that almost every decent FTP server has and now its being removed because its so called obsolete - not true. Furthermore many people are going to migrate to something that does have this functionality... i dont think an external script should be doing something that has evolved to be core functionality and in this present age vital functionality. My biggest question is that why remove it? i mean people can turn it off so easily.... ! :P your decreasing the functionality list of your own product! - here is a brilliant example of why certificates might not work... let say we have a company who by policy only want their staff to access their ftp from specific company locations(ips) using their login.... ? hows a certificate going to help you? its not... now the obvious comeback to the above situation is get a script - thats not the obvious solution to someone who is paying. to someone paying its get a product that meets my requirements. i think from a business point of view this is a mistake, the proposed solution sounds great. But in actual fact we are trading an apple for an orange - replacing something that does one thing by something that does another..... i know i sound biased but to be honest i dont even use ip checking because everyone i know is on dial up we have shit lines and funny ranges in south africa - however a lot of people i know do and they think its essential. The only reason iam raising flags now is because i have been developing a .NET version of a HTTP web administration tool and get a lot of feedback from various friends etc who simply wont run it without without ip checking - and realistically what SiTEOP would install io without it. PS - one thing that pisses me off and seems to happen a lot nowdays is as software developers release new versions of their software and 'upgrade' certain features by removing others they forget that there are people who only bought the product for the feature that was removed - which goes back to an earlier point what harm is there to leave it in.