• Recent
    • Unsolved
    • Tags
    • Popular
    • Users
    • Groups
    • Search
    • Register
    • Login

    Snapin and ftp password

    Scheduled Pinned Locked Moved
    FOG Problems
    3
    7
    409
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • O
      o71
      last edited by o71

      Hello,

      My FOG version is : 1.5.9.3

      While testing the snapin function, I noticed that I see the FTP password in clear when I launched a wireshark capture on the client workstation during the execution of the task (in an HTTP stream) :
      pb fog.PNG

      Is it normal, a problem with my configuration or a bug?

      Thank you.

      1 Reply Last reply Reply Quote 0
      • O
        o71
        last edited by

        I think the problem is in the file ‘lib/client/snapinclient.class.php’

        I suggest to replace line :

        header("X-Sendfile: $SnapinFile");
        

        By

        header("X-Sendfile: $file");
        

        What do you think about it ?

        Thanks

        1 Reply Last reply Reply Quote 0
        • S
          Sebastian Roth Moderator
          last edited by Sebastian Roth

          @o71 Interesting find! This has been in the code since a long time (long before I joined the team) and I am not sure if it ever worked like expected.

          Digging way back into the code repo at sourceforge we used before github I think I found when this was added. Though this was part of a major code change and it’s not mentioned why.

          • SVN r3996 when this part of the code was in a different location (service/snapins.file.php)
          • SVN r4032 as the snapin code was moved to it’s own class/file and X-Sendfile header added - see line 53 and line 96 of SnapinClient.class.php

          @Tom-Elliott Do you remember why this header was added? I’d think we can just remove it as it never made it into the Apache code and the module is not being maintained anyway.

          If we want to keep the header I guess we should make it:

          header("X-Sendfile: $filepath");

          Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

          Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

          Tom ElliottT 1 Reply Last reply Reply Quote 1
          • Tom ElliottT
            Tom Elliott @Sebastian Roth
            last edited by

            @sebastian-roth and @o71 x-send file was enabled so snapins could be downloaded from the web server without needing to load the File entirely into php, lessening memory and what not. I believe the correct usage would be more what Sebastian suggested, giving the absolute path, not the actual file, and likely an over site from me when coding the section. Back when I put it in. I was pretty new to php, so forgive me. I never coded to purposely expose anything. I will make sure it’s fixed properly in working-1.6.

            Thanks for letting us know. Even if Apache isn’t supporting it, it doesn’t hurt anything and if somebody wants to use an engine that does support it, all the better.

            Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

            Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

            Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

            O 1 Reply Last reply Reply Quote 2
            • O
              o71 @Tom Elliott
              last edited by

              @tom-elliott @Sebastian-Roth Thanks ! Happy to help you 😉

              Have a nice day !

              1 Reply Last reply Reply Quote 0
              • S
                Sebastian Roth Moderator
                last edited by

                @Tom-Elliott I just pushed the change to header("X-Sendfile: $filepath"); in both dev-branch and working-1.6.

                Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                Tom ElliottT 1 Reply Last reply Reply Quote 1
                • Tom ElliottT
                  Tom Elliott @Sebastian Roth
                  last edited by

                  @sebastian-roth thank you!

                  Please help us build the FOG community with everyone involved. It's not just about coding - way more we need people to test things, update documentation and most importantly work on uniting the community of people enjoying and working on FOG! Get in contact with me (chat bubble in the top right corner) if you want to join in.

                  Web GUI issue? Please check apache error (debian/ubuntu: /var/log/apache2/error.log, centos/fedora/rhel: /var/log/httpd/error_log) and php-fpm log (/var/log/php*-fpm.log)

                  Please support FOG if you like it: https://wiki.fogproject.org/wiki/index.php/Support_FOG

                  1 Reply Last reply Reply Quote 0
                  • 1 / 1
                  • First post
                    Last post

                  176

                  Online

                  12.1k

                  Users

                  17.3k

                  Topics

                  155.3k

                  Posts
                  Copyright © 2012-2024 FOG Project