[development] What to do with Drupal FTP?
winborn at advomatic.com
Wed Jun 11 16:35:30 UTC 2008
I like the idea of an FTP API for similar modules to take advantage of.
I'm not attached to it being Drupal FTP, although it does seem like a
good enough namespace at this time. I just posted at
http://groups.drupal.org/node/10893#comment-39618 as well, as I think
the Plugin Manager soc project might also benefit from this.
> I did an implementation of FTP for media_mover to harvest files from a
> server. I didn't didn't even realize that there was an ftp module
> (damn my lazy search habits).
> I actually think it'd be nice to have a abstract ftp module that other
> modules could implement. Yes, it has huge potential security issues,
> which does require implementations to be responsible as well as alert
> admins that they are opening up possible exploits. On the other hand,
> it gives huge functionality benefits- in my case, being able to move
> 100mb files without having users needing to deal with uploading via
> http is a big deal.
> I guess I'd rather see one module which does the implementation that
> tries to deal with the security issues rather than a dozen (like
> myself) going it alone...
> I'd be willing to lend a hand in submitting patches and what not if
> you want to keep the module going.
> On Jun 11, 2008, at 11:07 AM, Aaron Winborn wrote:
>> Regarding Drupal FTP at http://drupal.org/project/drupal_ftp
>> I just had a conversation with chx in irc about the status of Drupal
>> FTP, and its possible uses (if completed) for malware, and possible
>> security holes. Particularly in light of the SoC project Plugin
>> Manager, and that I stopped work on the project a year ago, I'm happy
>> to drop the module.
>> However, the concept itself does have some merit, and there are many
>> other uses I can think of other than what's planned for the Plugin
>> Manager. Additionally, I've had a few queries over the months that
>> indicate some developers are actually using the module, although I
>> imagine they're in the minority. The project itself came partly out
>> of the poor file handling that Drupal has had in the past (but will
>> hopefully be fixed with http://drupal.org/node/142995 hint hint...)
>> So my question is what is the best course of action at this point?
>> Currently, the module works, although is incomplete from its original
>> goals. It does currently store the u/p of its designated FTP server,
>> which is a weakness, although it would have to be developed beyond
>> how it is to exploit that weakness.
>> I have no intention in the near term of continuing development of the
>> project, don't plan to upgrade it to Drupal 6, and believe a better
>> approach for remote file handling will emerge for Drupal 7.
>> Should I entirely remove the project? Officially abandon it? Amend or
>> replace the project page with a warning, in case people are actually
>> using it? Ask for a security team audit if we decide to keep it?
>> Aaron Winborn
> arthur at civicactions.com
More information about the development