terra
New Member
Posts: 8
|
Post by terra on Jan 26, 2007 21:54:57 GMT 7
Giving it a possibility to set a DIRECT link to a file on the N5200 over the http protocol for user anonymous or guest with or without login?
I want to put some .wmv (Windows Media Video) files on the N5200 for downloading from others over the Internet. I will not use FTP.
|
|
|
Post by omega on Jan 26, 2007 22:02:27 GMT 7
I'm not sure what you really want You want to upload a file from your computer to the N5200? But you don't want to use ftp, nfs, appletalk or even http? How should the others from the internet be able to download the files? Please give some more details...... Andreas
|
|
jamis
Full Member
Posts: 109
|
Post by jamis on Jan 26, 2007 22:09:35 GMT 7
I think the idea was to be able to link to files on the N5200 via a public webpage without requiring a login to access those files..
Basically, to open up certain directories for public read access via HTTP.
Example.. i have a webpage on my webhosting service... i create a page and link to files on my N5200 at home.
|
|
|
Post by omega on Jan 26, 2007 23:43:57 GMT 7
Ahhhh, sure this is possible - and, this is what I've learned and recognized today, also some kind of security risc: Every file below /raid/data/module can be loaded with http.... In other words, try: 1.2.3.4/modules/cfg/modules.db and you'll get the sqlite module database - without any username and password. This also applies to all installed modules.... Conclusion:1) Every file below /raid/data/module can be downloaded without username and password. 2) It would be easy to write a module which just provides space and possibly do some kind of access control. So this would be the answer to the original question. 3) How can we protect the files below /raid/data/module? Anybody any ideas? Andreas
|
|
|
Post by kevincy on Jan 28, 2007 21:51:27 GMT 7
Ahhhh, sure this is possible - and, this is what I've learned and recognized today, also some kind of security risc: Every file below /raid/data/module can be loaded with http.... In other words, try: 1.2.3.4/modules/cfg/modules.db and you'll get the sqlite module database - without any username and password. This also applies to all installed modules.... Conclusion:1) Every file below /raid/data/module can be downloaded without username and password. 2) It would be easy to write a module which just provides space and possibly do some kind of access control. So this would be the answer to the original question. 3) How can we protect the files below /raid/data/module? Anybody any ideas? Andreas It seem in modules structure have a big problem. If let module web folder have its own master , it will be easy to protect module ,right?
|
|
|
Post by omega on Jan 28, 2007 22:52:26 GMT 7
I don't think so......
What do you think about using .htaccess protection? But for this we need to enable the mod_access apache module.
What do you think?
Andreas
|
|
|
Post by kevincy on Jan 29, 2007 9:28:48 GMT 7
I don't think so...... What do you think about using .htaccess protection? But for this we need to enable the mod_access apache module. What do you think? Andreas I have check the mod_access.so , it is exist on /opt/apache/modules folder. It mean ,you can load mod_access from httpd.conf .
|
|
|
Post by omega on Jan 29, 2007 15:50:44 GMT 7
Sure, everything is there, but even on request Thecus is not willing to add the mod_access module in the httpd.conf file in the upcoming release (I asked for that). And I was asking for an official way to protect the module directories without needing an expert doing manual corrections. The main question from me is: is it the right way to protect the module directory tree using .htaccess feature? I don't want that all file in the module directory tree are protected because for some modules it would be a feature to download files directly (and now we came back to the initial question ) Andreas
|
|