[development] What to do with Drupal FTP?

Aaron Winborn winborn at advomatic.com
Wed Jun 11 16:35:30 UTC 2008

I like the idea of an FTP API for similar modules to take advantage of. 
I'm not attached to it being Drupal FTP, although it does seem like a 
good enough namespace at this time. I just posted at 
http://groups.drupal.org/node/10893#comment-39618 as well, as I think 
the Plugin Manager soc project might also benefit from this.

arthur wrote:
> I did an implementation of FTP for media_mover to harvest files from a 
> server. I didn't didn't even realize that there was an ftp module 
> (damn my lazy search habits).
> I actually think it'd be nice to have a abstract ftp module that other 
> modules could implement. Yes, it has huge potential security issues, 
> which does require implementations to be responsible as well as alert 
> admins that they are opening up possible exploits. On the other hand, 
> it gives huge functionality benefits- in my case, being able to move 
> 100mb files without having users needing to deal with uploading via 
> http is a big deal.
> I guess I'd rather see one module which does the implementation that 
> tries to deal with the security issues rather than a dozen (like 
> myself) going it alone...
> I'd be willing to lend a hand in submitting patches and what not if 
> you want to keep the module going.
> arthur
> On Jun 11, 2008, at 11:07 AM, Aaron Winborn wrote:
>> Regarding Drupal FTP at http://drupal.org/project/drupal_ftp
>> I just had a conversation with chx in irc about the status of Drupal 
>> FTP, and its possible uses (if completed) for malware, and possible 
>> security holes. Particularly in light of the SoC project Plugin 
>> Manager, and that I stopped work on the project a year ago, I'm happy 
>> to drop the module.
>> However, the concept itself does have some merit, and there are many 
>> other uses I can think of other than what's planned for the Plugin 
>> Manager. Additionally, I've had a few queries over the months that 
>> indicate some developers are actually using the module, although I 
>> imagine they're in the minority. The project itself came partly out 
>> of the poor file handling that Drupal has had in the past (but will 
>> hopefully be fixed with http://drupal.org/node/142995 hint hint...)
>> So my question is what is the best course of action at this point? 
>> Currently, the module works, although is incomplete from its original 
>> goals. It does currently store the u/p of its designated FTP server, 
>> which is a weakness, although it would have to be developed beyond 
>> how it is to exploit that weakness.
>> I have no intention in the near term of continuing development of the 
>> project, don't plan to upgrade it to Drupal 6, and believe a better 
>> approach for remote file handling will emerge for Drupal 7.
>> Should I entirely remove the project? Officially abandon it? Amend or 
>> replace the project page with a warning, in case people are actually 
>> using it? Ask for a security team audit if we decide to keep it?
>> Thanks,
>> Aaron Winborn
> ---------------------------------------------------
> arthur at civicactions.com

More information about the development mailing list