amelian amelian - 1 month ago 13
HTML Question

SSL and FTP url on HTML file with username and password

I have a doubt with one request/response across Web Browser and Server with SSL Certificate. Please, imagine the following case (similar question here):

I want that the server, response a HTML to the user (in his/her browser) with access to one file in the FTP, for example:

<a href="ftp://theftpserver.com/files/acounts.pdf">Download file</a>


In this case, accessing with Anonymous user not generate any problem to access to this file, but if the user has a access with username and password, put this on HTML, it will not be very secure, example:

<a href="ftp://username:password@theftpserver.com/files/acounts.pdf">Download file</a>


I want to prevent that this response with this username and password tag between the server and the user would be catched by "Someone" and get the Username and Password of the user.

The SSL certificate can solved this? Or the best way to do this is create a directory with username and password only with read properties?

Answer

Yes, SSL will make it more secure because your communication with the server will be encrypted. It is even better if you have a web server (an API endpoint for instance) receiving the requests from your frontend, contacting the FTP server, getting the file, and responding back with it. This way, the frontend does not need to know about the FTP server. Another good idea is to hash the password and before sending it.

Comments