Deploying Contribute to Departments and Enterprises
Secure FTP
SFTP is a secure version of the FTP protocol. Like SSH, SFTP prevents unauthorized users from
gaining access to password and user information that is sent without encryption over the Internet.
Standard FTP sends the user ID and password as clear (that is, unencrypted) text, allowing
anyone monitoring your FTP data to see your user ID and password, as well as the data being
transmitted. With SFTP, everything you transmit is encrypted, protecting it from monitoring by
intruders.
In addition to increased security, Macromedia recommends using SFTP because it’s a more robust
protocol that provides more reliable performance. The following reasons describe why SFTP is a
better protocol:
• A more strict protocol than FTP
• Supports functionality that FTP does not
• Is more efficient than FTP
• Does not conflict with firewalls, proxy servers, or routers
• Provides a secure connection over which to transfer files
To use SFTP with Contribute, you must have an SFTP server installed. You cannot use a standard
FTP server and simply select SFTP from the connection type choice within Contribute; the
connection will fail. You must also have Secure Shell 2 (SSH2) enabled on the server. Contribute
provides SFTP only over SSH2-protected network connections.
To learn more about SFTP, see the documentation supplied with your server’s operating system
and SFTP server. To learn more about SSH2, see the SSH Communications Security website at
www.ssh.com.
Note: Contribute supports only password-based authentication. Other authentication methods, such
as certificate-based authentication, public key, and Kerberos, are not supported.
FTP and SFTP file permissions
Typically, FTP servers are configured so that when they create (or write) a new file, the
permissions created for the file give the person uploading the file read/write permission and give
members within the permission group read-only access.
In the case of Contribute, this process can cause a problem when another user tries to edit a page.
Contribute can read the file, but when it attempts to copy the updated file back to the web server,
the FTP server’s file permissions prevent Contribute from writing the new file.
When configuring your FTP server to work with Contribute, be certain to configure the file
permissions that the FTP server creates for new files so that members of the permission group can
read and write the file. This issue typically occurs on UNIX servers. You should set the
permissions for files to umask 664, which provides read and write access to the file owner (the
person who created the file) and to the permissions group (which would include any users
needing to connect to the website to update the file).
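The group-write requirement above, as an added shell example that is not part of the Contribute documentation: 664 is the resulting file mode (rw-rw-r--), which a UNIX process produces for new files when its umask is 002. The function names and the temporary sandbox directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. The sandbox directory and file names are constructed;
# no real web root or FTP server configuration is touched.

# new_file_mode MASK DIR: create a file under umask MASK, print its octal mode.
new_file_mode() {
    _f="$2/page_$1.html"
    ( umask "$1" && : > "$_f" ) || return 1
    stat -c '%a' "$_f" 2>/dev/null || stat -f '%Lp' "$_f"   # GNU stat, then BSD stat
}

# group_locked DIR: list files that members of the group cannot overwrite.
group_locked() {
    find "$1" -type f ! -perm -020
}

# grant_group_rw DIR: add group read/write to existing files.
# Only the group bits change; the "other" bits are left as they were.
grant_group_rw() {
    find "$1" -type f ! -perm -060 -exec chmod g+rw {} +
}

demo() {
    _d=$(mktemp -d) || return 1
    echo "umask 022 -> mode $(new_file_mode 022 "$_d")  (only the uploader can write)"
    echo "umask 002 -> mode $(new_file_mode 002 "$_d")  (group members can write)"
    echo "not group-writable before fix:"
    group_locked "$_d"
    grant_group_rw "$_d"
    echo "not group-writable after fix: $(group_locked "$_d" | wc -l)"
    rm -rf "$_d"
}
demo
```

Run `group_locked` against the site directory to find pages that a second editor would be unable to publish back, then set the server's umask for new uploads so the condition does not recur.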