West Wind Internet and Client Tools
Secure FTP
Gravatar is a globally recognized avatar based on your email address. Secure FTP
  Russell Campbell
  All
  Feb 19, 2019 @ 11:57am

I'm using FTP to transfer updated program and data files to users of an app I wrote. I'd like to change to secure FTP, but the WW Client Tools don't seem to support that (unless I've overlooked something - and I do have an older version). So is there a way to do secure FTP with WW tools or should I maybe change to a web service to handle this?

Gravatar is a globally recognized avatar based on your email address. re: Secure FTP
  Rick Strahl
  Russell Campbell
  Feb 19, 2019 @ 12:21pm

The latest versions have support for SFTP.

+++ Rick ---

Gravatar is a globally recognized avatar based on your email address. re: Secure FTP
  Russell Campbell
  Rick Strahl
  Feb 19, 2019 @ 01:31pm

I should upgrade to the latest Web Connection, but I had problems on the last upgrade I undertook. Broke some stuff. I think you disallowed embedded expansion. I would build pages in pieces, with an outer HTML file, then and inner HTML file and then maybe the "inner file" would consist of multiple files sometimes (one page has 17 DIVs shown and hidden by menus and Javascript). I think there was expansion within expansion and that didn't work anymore (ExpandTemplate didn't work like it used to). Sadly, I think I'm on 4.53 or something like that.

Gravatar is a globally recognized avatar based on your email address. re: Secure FTP
  Rick Strahl
  Russell Campbell
  Feb 19, 2019 @ 02:01pm

That depends on how you do it. If you just embed a string with embedded expressions that string still won't be expanded. It's a huge security issue which is why that was removed. It was really a bug not a feature 😃.

Web Connection 6 and later introduces a proper framework for pulling in external pages and parsing them properly including expressions, so I think that's what you really want. There's the concept of a Partial Page which is just another page stored on disk, which gets loaded and parsed as a script and then embedded.

It looks like this:

<%= RenderPartial("~/listPartial.wcs") %>

There's also the concept of a Layout Page which is a sort of master page that can hold a site wide master layout, into which you can embed content pages. This reduces the amount of HTML you have to create for each page in your application significantly and also reduces the need for repetitive Partial Pages.

You can find out more here:

Layout Pages, Content Pages, Partial Pages and Sections

If you're using a function to pull in your content now you can probably do a search and replace to replace that with the RenderPartial() call instead.

If you really need to have dynamic content expanding of expressions you provide from a variable, you can do that too by using the MergeText() function.

<%= MergeText(items.ItemDetail) %>

This way this sort of expansion is explicit and not accidental.

The way it worked before (which is what you're describing) if a user entered script expressions and you happened to just echo that back on the page, they'd be able to enter FoxPro commands to execute which is very dangerous. If you're doing that now you might want to make very sure you don't have any place where you are not sanitizing your user input and checking for <% %> expressions in that user input.

Hope that helps,

+++ Rick ---

Gravatar is a globally recognized avatar based on your email address. re: Secure FTP
  Russell Campbell
  Rick Strahl
  Feb 19, 2019 @ 06:00pm

Yep, when I was looking at my code to refresh my memory about the issues I ran into, I saw that I had replaced usage of ExpandTemplate with MergeText. 😃

It sounds like the new features you mention are what I'd need. Thanks.

Gravatar is a globally recognized avatar based on your email address. re: Secure FTP
  Rick Strahl
  Russell Campbell
  Feb 20, 2019 @ 03:37pm

MergeText() doesn't solve the recursive processing problem - it still won't do recursive expansion but you can use MergeText() on the result of specific expressions that you expect to have to be recursively processed.

+++ Rick ---

© 1996-2019