MODULE: ISPC-AjaXplorer

[cfoe]

Hi Guys,
ISPConfig 3 is still lacking a WebFTP-Client (nearly) runnning "out-of-the-box".
Due to the feature request I totally support I will give it a shot by bridging AjaXplorer to the ISPConfig frontend.

"Watch" the repo on GitHub to let me know you like the functionality and/or post below.

Repo: https://github.com/foe-services/ispc-ajaxplorer
Discussion: down below

Resources:

• http://ajaxplorer.info/plugins/access/ftp/
• http://www.howtoforge.com/forums/showthread.php?t=54636
• http://www.howtoforge.com/forums/showthread.php?t=51671

Main characteristics:

• password-less login for admins/owner from within ISPC-Frontend
• Deployment via ISPC repository feature (http://ispc.foe-services.de) -> One-Click-Installation (planned)

And as always: Contributations are always welcome

[cfoe]

ISPC-Route53 module structure: https://www.mindmeister.com/179244210/ispc-ajaxplorer

[cfoe]

Please move to: Plugins/Modules/Addons

[cfoe]

Should ist be possible for admins to login to a FTP account without password?

[till]

This would be nice on one hand. But you would have to store cleartext passwords for that as ajax explorer would not be able to login to the FTP account of the website without it. And thats a thing that I would never do on my own server and I guess when a ISP has to explain to his customers that all their passwords were stored in cleartext in case that he got hacked, he will be out of business soon.

[cfoe]

Maybe there is a way without clear text pw.

I'll keep you posted.

Other CPs are doing it somehow. Maybe not via FTP but in file manager mode or something.
Ajaxplorer seems very flexible

[Croydon]

Quote:

Originally Posted by cfoe

Other CPs are doing it somehow. Maybe not via FTP but in file manager mode or something.

Some of them store cleartext passwords (like plesk does).

[till]

I guess if customers would know that plesk stores their passwords unencrypted, then they would switch to a ISP that has higher security standards. Do you remember the bad press when companys lost their user database incl. passwords due to hackers with weak password encryption like linkedin, so everyone could imagine what the users would say if a company says "oh, we lost your passwords and they were not encrypted at all".

I wonder if a company is liable for damages that occur for not taking care of user passwords in a appropriate way, I guess this might be even grossly negligent.

[Croydon]

I was kind of surprised when I saw that they are stored in cleartext. I wouldn't expect that from a big panel.

[cfoe]

I think the bigger the company the easier they get away with something like this.

Look at the Sony Network incident. No consequences for Sony