Secure FTP and TopYacht
When Site Manager (TopYacht’s web Uploader) was written about 20 years ago, the concept of ‘secure sites’ was unknown. As the internet industry developed, and the threat of attack from malicious individuals has increased.
As a method of dealing with this, server-keepers have started to insist on security certificates. These work behind the scenes in routine web browsing, with the only sign being that now sits work under the https:// instead of the convention http://.
One of the obvious risks is the hijacking of domain names. A user entering a domain name (https://www.mysite.com.au) would be forwarded to a different server if the mysite.com.au pointer on the domain-name server is corrupted.
While this is an inconvenience to browsers, it is dangerous for uploading, as files could fall into undesirable hands.
The concept of Secure FTP has been developed so that the client and server must match credentials as part of the validation process at login time.
The outcome of this is that an increasing number of server keepers are insisting on secure uploads. The unfortunate thing is that several different authentication methodologies exist, each one needing its own protocol.
Additionally, as evolution takes place, additional systems will evolve.
So where does this leave TopYacht?
TopYacht’s built-in FTP engine is not capable of handling secure FTP. Additionally the interfacing of TopYacht to a replacement engine (if one exists) is not viable.
Users who are faced with this scenario are faced with one of two options.
TopYacht, a part of its service to Clubs, offers results hosting on the TopYacht server. While this comes at an additional cost to Clubs, it is currently a method of circumventing the insistence of server-keepers of requiring secure ftp. Part of the rental includes the provision of a user login and password. The setup can usually be completed in 24-hours. We can also arrange the migration of existing results to the TopYacht server on a fee-for-service basis. It requires the links on the Club’s web site to be changed to point to the TopYacht server. This needs to be done by the Club’s Web Keeeper
The costs are listed on this document (click here)
Option 2. This is not for the faint hearted!!!
Users can go it alone. This requires the user to make their own arrangements with the server-keeper to set up the secure ftp to satisfy the server’s requirements. This may include the installation of WinSCP on to the Club’s computer, and configuring the secure handshaking. TopYacht has the capability of dumping of all the files to be uploaded into the C:\Users\Public\Documents\TopYacht\upload\ folder. This is explained in Appendix 1 TopYacht Setup for Dumping files for Upload.
Initial enquiries by TopYacht indicate that secure FTP is everything but straight forward, especially at the sever end.
We would be interested in learning from the experience of users who are successful. Click here for our contact details.
Appendix 1: TopYacht Setup for Dumping files for Upload
Perform the usual routine to ‘Print’ the results to the Internet (via Step 11)
Go to the Internet Site Set-up screen
Internet | Site
and check the Manual Upload box
Go to the Internet upload screen
Internet | Upload
and click Export for Manual Upload.
All the files that would routinely be uploaded are dumped into C:\Users\Public\Documents\TopYacht\upload\
Subsequent operations purge this folder prior to dumping a new batch in.
Appendix 2: Uploading
Currently, it is up to the user to create the directory structure and catalogue the internet pages in the correct directory on the user’s server. This will require a working knowledge of the planned directory structure (as set-up in TopYacht’s Site manager) as well as the uploading utility.
Remember that the configuration of the utility must take place first under the guidance of an IT guru.
Changes to TopYacht Site Manager have been identified that will permit the cataloguing of all the files in the one internet site folder. These changes will be implemented on an as-needs basis.