There are a lot of compelling reasons to use SFTP and even though the ability to provide this on servers has been around for an age, the usage of it is all or nothing, i.e. you can not run both a standard FTP client on the server and an SFTP variant, so when a host does take that plunge and switch to it, then those using those services need to have all of there applications capable of operating under it, which is very rarely (if ever) the case, so when a server is switched to it, there will always be lots of unhappy and unable to connect customers.

If Actinic were to employ it, then it would have to make it an option under the FTP abilities of the software, so that those on the more standard FTP can continue as normal and those who want or servers provide SFTP can use that, so the option (Which would be good), but it can not just switch it across as it will have to cover both worlds.

In the short term, do not believe SFTP abilities will simply appear in Actinic anytime soon, as it will take time (if they are planning on deploying it that is), but would be good to see it appear sometime in the future, sooner rather than later if possible.

Ooooooooooooops.....

There is a solution for this which I just remembered from http://www.bitvise.com/ where it effectively tunnels a standard FTP connection to an SFTP connection/destination called Tunnelier, which should do the job I think of overcoming this issue...

Take a look at the website for details on it, and afraid apart from just recalling this product, have never used it..

Clearly SFTP would be superior as it is much more secure than FTP.

It hasn't reached the top of the development priorities simply because there haven't been any requests for it that we're aware of in the last couple of years, until now. The other problem is that most hosts, up until now, don't support it. So providing it would have no impact on security for most people.

Chris
Actinic

I would preffer SFTP, it would definatly get my vote. Security should take prefferance.

Ok, I downloaded Tunnelier and have established a connection to my hosts sftp server. Actinic is able to upload files without any problems through the tunnel but for some reason it is unable to change any of the file permissions.

I'm trying to figure out if not being able to change file permissions would be an issue with my host (perhaps not giving me the correct permissions?), Actinic for whatever reason or just a limitation in the Tunnelier software. I can change the file permissions manually through the Tunnelier SFTP client, Actinic just can't do it as it uploads through the tunnel. Any suggestions as to what may be the cause of this?

Also, if Actinic isn't about to add SFTP support (which would be a shame) perhaps the least they could do is a write up on using some port forwarding software so users who are stuck with SFTP hosts can at least have one documented work around...

Ok, well, I'm still trying to figure out what is wrong with tunnelier and why Actinic can't change the file permissions and what not.

In the mean time I decided to write a .bat file that would copy all of the neccessary files into a central location so I could easily upload the files. (Perhaps the Actinic guys could take this idea and come up with something that is a little more polished then mine... It only took me a few minutes to come up with this)

The script I wrote goes through the site1 folder and copies the files needed to:

c:\upload

where I have to subfolders

c:\upload\acatalog
c:\upoad\cgi-bin

The idea is to mirror what is on the webhost. The idea is to only have to move what is in these folders to the webserver and not have to hunt and peck for the files in the site1 folder.

I'm posting it here in case anyone else might be interested in it. I have the following saved to a .bat (simple text file with .bat instead of .txt as the exstension) file which I execute from the windows console.

Note that I do not have a command to copy any pictures, this is because in my site1\imgs directory I have a bunch of subfolders that my pictures are located in. I don't know the command to copy seperate subfolders into a single folder.

You will also note that I do a lot of deleting, this is because I'm just grabbing all of the files with the script exstension .pl and .pm and .fil. This results in a bunch of extra sript files that are not needed in the actual cgi-bin folder. I'm going back through and removing the ones that aren't needed. I'm not an actinic developer so I'm not 100% positive on what files to remove so I'm just guessing, I know there are still several script files that I missed that could be removed (hopefully I'm not removing any that are needed).

One last note, all of my file locations are relative to my computer. If you try to use the script you need to change some of the file locations to represent what you have on your own computer.

Anyway, here's the script. I hope it can help others who are in the same position as myself...






cd..
cd c:\program files\Actinic v7\Sites\Site1
copy *.cat c:\upload\acatalog
copy *.js c:\upload\acatalog
copy index.html c:\upload
copy *.pl c:\upload\CGI-Bin
copy *.pm c:\upload\CGI-Bin
copy *.fil c:\upload\acatalog
cd..
cd c:\program files\actinic v7\sites\site1\sitehtml\
copy *.* c:\upload\acatalog
cd..
cd c:\upload\cgi-bin
del cartmanager.pl
del checkperlversion.pl
del adjustmenttemplate.pl
del accountsscript.pl
del testsettings.pl
del siteexplorer.pl
del shoppingcart.pl
del searchscript.pl
del searchhighlight.pl
del perlscript.pl
del orderscript.pl
del nph-download.pl
del nph-dl000001.pl
del mergediff.pl
del mailscript.pl
cd c:\Documents and settings\Robert\Desktop

I think the option should be included so that those of us who run our own servers can use SFTP and ensure the continued safety of them. I think in today's climate of server hacking Actinic should act responsibly by providing that option.

Bob

Okay, so now I can manually upload my website okay, but trying to download orders won't work. Now I have to figure out how to manually download the orders and bring them into Actinic. Great.........

It can't take that much effort to add SFTP support. Or at least come up with some sort of method that is compatible with some tunneling software.

The excuse that there isn't enough return on investment to justify developing this is just a cop out. Security should be number one on the list and from what I understand FTP is by no means secure. The usernames, passwords, heck even customer details and orders are traveling over an unsecure connection for all the world to see. This sounds like a potential liability issue to me.

Actinic, be a pal, take some time and fix this issue. There might be a small minority of us that are stuck in this rut, but it's only because our web hosts see the potential problem and are doing their part to make things more secure. You should be doing the same thing. Add it as a patch!

I'd like to say that if you didn't then I'm packing up and moving on but I have some much time and effort (not to mention money...) in this piece of software that I'm stuck with it, at least at the current moment. I'll just be a very unhappy and vocal user, especially when it comes to this item.

You can't download orders ? That's strange as I thought actinic pulled them down using http. Maybe I'm getting confused with the way they handle emails.

Mike

Thanks for asking about this, I goofed up on this one... I had played around with the proxy settings in order to try to get tunnelier to work with Actinic. I didn't realize that this would affect the downloading of orders. Thanks for the information, that puts me in a little less of a bind. At least now I can retrieve orders and upload the website (manually uploading by a ftp client that is).

I definitely agree that SFTP support by Actinic is a good idea. These days, there is no such thing as being "too security conscious". In fact, I even think all ISP's should offer SFTP as standard.