Just a quick straw poll to see how many people consider IP checking an important compnent of your FTP usage.
In relation to this thread:
http://www.inicom.net/forum/showthread.php?t=15198

Edit:// I would vote Essential but for some reason wont let me vote or view results on the poll I posted, so whatever the results let me know and add 1 on there ;)

Essential!

Can't vote either:
Your user account may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

Some account settings are not fixed i guess, also can't get on the ioFTPD Registered Members Only section :(

But back on topic i would say Essential.
Because after reading topic i agree with al the staments that are said about this future.
I must say that i'm not a guru ioFTPD user just playing with it for a couple of days now but i think this future is a must and is in my opinion more secure.
easy to fake IP or not in combo with cert you got the most secure server there is i think, so use them both! (if possible?)
And for the IP storage for that function (dunno if that happends but must be a logical thought) i'm sure there is a way to encrypt that ;)

foxmaster, you do not have permission to access this page. This could be due to one of several reasons:

this is what I get ????

Just a quick straw poll to see how many people consider IP checking an important compnent of your FTP usage.
In relation to this thread:
http://www.inicom.net/forum/showthread.php?t=15198

Edit:// I would vote Essential but for some reason wont let me vote or view results on the poll I posted, so whatever the results let me know and add 1 on there ;)

This is rather pointless. How many times do I need to state, that this is something that can be scripted (there is absolutely no reason to have it hardcoded). Also, at the moment it looks like that none of the SITE commands will be hardcoded because of:

a) Use of (LUA) scripted command has neglible implication on general server performance.
b) Eventually most (all?) commands are likely to be scripted. There will be hardcoded helper functions for LUA that can be used to improve performance.
c) Io resolves client's hostname, and places it to client environment - only task left to do, is to go through list of ips stored in user/group contexts'.

pseudo-code USER command:

client = current_client();
if (is_logged_in(client)) {
echo("530 Already logged in.");
return;
}
user_name = get_arg_string(1, STR_END);
if (set_env(client, "UserName", user_name)) {
echo("331 Password required for " + str(user_name));
} else {
echo("530 Error:" + strerror(get_last_error()));
}



pseudo-code PASS command:

client = current_client();
if (is_logged_in(client)) {
echo("530 Already logged in.");
return;
}
user_name = get_env(client, "UserName");
if (! user_name) {
echo("530 Use USER to login.");
return;
}

uid = get_uid(user_name);
if (uid == INVALID_ID) {
echo("530 Error:" + strerror(get_last_error()));
return;
}
user = load_user(uid);
if (! user) {
echo("530 Error:" + strerror(get_last_error()));
return;
}
// ip-check
row_id = get_row_id(user, "Ip");
ip_cnt = get_row_count(user, row_id);
if (ip_cnt > 0) {
match = false;
client_host = get_env(client, "Hostname");
client_ip = get_env(client, "Ip");
while (ip_cnt--) {
tmp_str = get_column_value(user, row_id, ip_cnt, 0);
if (! str_match(client_host, tmp_str) ||
! str_match(client_ip, tmp_str)) {
match = true;
break;
}
}
if (! match) {
echo("530 Invalid username/password.");
return;
}
}

if (login_client(client, user, get_arg_string(1, STR_END))) {
echo("230 Login successful.");
} else {
echo("530 Error:" + strerror(get_last_error()));
}

foxmaster, you do not have permission to access this page. This could be due to one of several reasons:

this is what I get ????


same for me
and I cannot post anything in
"ioFTPD Registered Members Only" Sektion too
i got same message.

:confused:

ok, i'll work on the permissions today...i think its fixed for now, but let me know if you run into anything else.

Got this when i tried to vote, so seems the error still is there.
JoC, you do not have permission to access this page. This could be due to one of several reasons:

Your user account may not have sufficient privileges to access this page. Are you trying to edit someone else's post, access administrative features or some other privileged system?
If you are trying to post, the administrator may have disabled your account, or it may be awaiting activation.

whoa, that is weird. all the permissions looked good, so I tried to vote myself...it allowed it, but took me to an archived poll for some reason.. The arechive is locked down, which might be causing the poll posting problem. I'll look into this further.

Scripters are here cause most of us actually enjoy scripting, this doesnt mean that we should be taken advantage of, and used to script everything that isnt seen fit to be included as a core component. We arent the ones being paid, and it seems very unfair that everytime something is requested, its always the `this can be scripted` standard reply

on another note, there is still problems with this page, most people cant vote, and even less can view the poll results

this thread is topic`d in #ioFTPD on efnet, where the whiners hang out ;)

We're now talking less than 20lines of code :I Ihmo. this is getting really ridiculous - I simply don't want IP table to default database structure. And no, I don't like idea of having config option for it either.. so it'll be a script, and it will most likely come with default installation (disabled by default). I might even implement user credits using script - can't really see any reason not to do so ;)

Ps. I could have implemented the function in time it took to write this post, but I still didn't.

I can't vote to this poll but I think IP checking is essential.
Just another question: I'm registered but I don't know where to add this information in my CP.

I can't vote to this poll but I think IP checking is essential. .. too :D

very sad for this decision..i want ip checking in core and not in script..

Ok, everyone should be able to vote on this poll now. It was crosslinked with another thread in the archive. Apparently, polls didn't come over in the conversion. All old polls have been removed for now.

This is really ridiculous. You need to understand that I'm trying to make ioftpd completely script driven instead of having N hardcoded features. Even certificate based authentication will be eventually handled by scripts - perhaps not in 1.0, but later on when I can focus on adding new lua functions. Finally there is virtually no difference between operation performed by LUA script and operation performed C-function. Though, you can't modify hardcoded code path without disassembling the source - which is illegal.

If someone comes up with sane explanation why it should be hardcoded, I will make it so. But so far I've only heard arguments of which none is based on truth:

1) IP-check is part of File Transfer Protocol: it isn't.
2) Scripts are not as reliable: higher level programming languages are more reliable.
3) Scripts are slow: read about LUA.
4) Why did you remove it in first place: 1.0 is complete rewrite, it wasn't there to be removed in the first place.
5) Config option: ihmo default configuration should be minimal and provide basic functionality. Adding dozens of config options that of 90% are obsolete to most, is not something I would ever even consider.
5) If it is so easy to add, why not to: It has much to do with default database structure. I don't think IP table is something, that should be mandatory.

I think I'm through with this subject.. prepare to install script :eek:

I think poll should be: is hardcoded ip-check needed, and if one votes for yes - then some explanation why so.

I have modified the poll a little bit to collect more accurate results.

Well, thats different to what the poll was intended to show, but thats cool.
Personally I'm fine with a script but only if its created by the developer, fully supported, and if the script crashes it wont let people in at all rather than let people in regardless of IP.

Chance of script causing a crash is much less than what of chance of low-level C code. Not to mention, that if LUA script crashes - it's likely to bring whole daemon down :) (same behaviour as module/internal function would cause a crash)

OK, I'd rather entire daemon went than just IP checking so thats good enuff for me then.
Cheers for clarifying and sorry for being a pain in the arse ;)

the poll should be closed, as d1 has already stated he will ignore the results anyhow

Based on the facts darkone did write down , i think a scripts based ip checking will do fine
Allthough would be nice if the script wil be included in the default install package.

Anyway hardcode ip checking as a config option which wil be disabled as default wouldnt be very bad to.
Atleast the customer will be able to choose what he wants either hardcoded or scriptbased.
Ip checking is a important security issue anyway
;)

Just wanted to comment some things:
You need to understand that I'm trying to make ioftpd completely script driven instead of having N hardcoded features.

I don't want to be mean but in this case you can make an entirely scripted ftpd with tcl or php or anything else. Lots of ppl have problem with script, I don't see why you make such a BASIC thing scriptable, it's nonsense for me.
Look at others FTPD: Raiden, Serv-U, GLFTPD, ... it's hardcoded.
Or will you provide an easy script to do this when you release io v1?

We're now talking less than 20lines of code

If it's only 20 lines of codes, why don't you add them (yes, I read your post), it shouldn't be difficult. Like I said, basic things like that should be hardcoded.

Sure you can easily write decent ftp daemon using php/tcl/... high level programming languages. However such daemon would be very inefficient. Lua is somewhat different; it's special case programming language designed to run things really fast. And due to its' outstanding performance, it's being used in many commerical applications that require high performance. eg. games and embedded devices.

It's in everyone's intrest that I spend time on optimizing 1% of code that is in use 99% of time, rather than optimizing 99% of code that is in use 1% of time. This is where ihmo others go wrong. They implement everything that users require as configuration options. Which at first it may seem like reasonable approach, but after a while you have dozens of options that many people don't even know/care about. If you had designed daemon to be easily extended - which does actually require much more time than adding those built-in options - you could have provided those same features in small scripts/modules. The only difference it makes to end-user, is that he needs to copy a file to certain location instead of modifying configuration file.

Btw, isn't it rather pointless to have this debate before you have actually evaluated the new daemon? You're welcome to say that performance sucks and that I made poor choices, if you really think that once you've tested it :rolleyes:

i think that hat has made you go even more barmy :D

They implement everything that users require as configuration options. Which at first it may seem like reasonable approach, but after a while you have dozens of options that many people don't even know/care about.

So far 87% of people want it (31 votes, only 4 dont cares). I'd hardly say thats a feature no-one cares about :)

can't resist to post...

Been following this thread since start and damn I want ip-checking. I wanted it hardcoded at first but kinda changed my mind a bit. I don't really care if its scripted or not as long as its inicom(d1) that makes it. As suggested above somewhere why not make it a examplescript to show how lovely it is to use LUA. This way it will also show what the future have for other of the internal commands that if I read correcly all will be luascripted in the end.

You're welcome to say that performance sucks and that I made poor choices, if you really think that once you've tested it :rolleyes:

I never said that performance will suck (and I don't care about performance at login time) but i think that MORE SCRIPTS == MORE PROBLEMS

"People have issues."
And that will be the extent on my participation on this whole thread.

Cheers!

- Mouton

PS Always happy to troll. :rolleyes:

"People have issues."

And that is just the way it will always be. Me for one don't mind it being scripted. I wouldn't mind if d1 was the one to make the script/module tho'. But I can't agree that more scripts equals more problems, either you've been using the wrong scripts then or perhaps it comes down to lazyness? I mean if this script/module would be coded by d1 himself(?), what's the big deal? Don't you people trust his skills yet? If d1 includes a module for this in the final release, I'm all good. What's the difference then whether it's implemented in the core or as a module..

peep, your opinion obviosuly doesnt count, as your a fellow finlandian and prolly his next door neighbour :P hehe

You bet, me and my dog has made several visits to d1's place to make sure he codes io the way I want it (or then again, maybe not..) I bet the only connection between me and d1 is the .fi and perhaps we share the same mobile operator?! :p

What's the difference then whether it's implemented in the core or as a module..If the module is script based my opinion is that after a period people start to forget that there was a script and at the end the script disappears because there is more attention for the core program ;)

Honesly, why should anybody care whether something is built-in or scripted??? I simply don't get it. If it works, great. If it doesn't, too bad. What it has to do with the way it is coded?

Now, I think ip-checking should be included in the basic downloaded package, because I guess most people will want to use it and requiring them to download it separately seems strange. But other than that, what exactly is the problem?

I think it should be by external script.
I think as much as possible should be scripted, so everyone can choose what to add/not add so they don have 2k options they dont use.
(i cant stop myself from comparing to the biggest misstake ever, msn, the most bloated chat-client ever... )
ehm i got a bit carried away but i think i proved my point ;x
(wich require the script is available..)

Keep the good work up - max