Closed Bug 179456 Opened 22 years ago Closed 6 years ago

Implement support for secure transfer protocols (SFTP and/or SCP) [extension fodder]

Categories

(Calendar :: Internal Components, enhancement)

Product:
Calendar
Component:
Internal Components
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: trav, Unassigned)

References

Details

(Whiteboard: [extension fodder])

User-Agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.2b) Gecko/20021016 Build Identifier: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.2b) Gecko/20021016 The calendar has support for remote calendar access via FTP. It seems to me it'd make as much (or perhaps even more) sense to support at least one secure transfer protocol, i.e. scp or sftp. Reasons this is a good idea: - It's becoming more common for insecure protocols to be intentionally disabled (I work in exactly this environment) - Calendar data could be sensitive in some cases; FTP would not be considered adequate for use in this case Thank you for your consideration. Reproducible: Always Steps to Reproduce: 1. 2. 3.
https is supported, but as far as I can tell, sftp is not. This is more of a networking bug than a calendar bug. If it works for publishing html pages, it will work for publishing calendar data.
Assignee: mikep → new-network-bugs
Component: Calendar General → Networking
Product: Calendar → Browser
QA Contact: colint → benc
Version: unspecified → other
-> NEW, back to calendar, where it can live as a placeholder for secure protocol support.
Assignee: new-network-bugs → mikep
Status: UNCONFIRMED → NEW
Component: Networking → Calendar Front End
Ever confirmed: true
Product: Browser → Calendar
QA Contact: benc → colint
Version: Trunk → unspecified
Does this bug also cover SFTP for Composer publishing as well? Should it be reassigned to Browser/Networking: FTP?
URL: N/A
Summary: RFE: Support for secure transfer protocols (sftp and/or scp) → Implement support for secure transfer protocols (SFTP and/or SCP)
*** Bug 183215 has been marked as a duplicate of this bug. ***
Hm, bug 85464 is probably what I'm talking about.
Also see bug 39714, which was closed as WONTFIX.
New contact from mikep@oeone.com to mostafah@oeone.com Filter on string OttawaMBA to get rid of these messages. Sorry for the spam.
Assignee: mikep → mostafah
Depends on: ftps
*** Bug 231457 has been marked as a duplicate of this bug. ***
Blocks: 233996
No longer depends on: ftps
*** Bug 250621 has been marked as a duplicate of this bug. ***
Sorry for the previous empty email. I posted a somewhat awkward workaround for Windows XP that uses Winscp. This may be a temporary fix for some. It only loads the remote calendar at login and saves only at logout. The post is at: http://groups-beta.google.com/group/netscape.public.mozilla.calendar/browse_thread/thread/f278813a7702b270/98b963bafcdb968d?q=winscp3+calendar&_done=%2Fgroups%3Fhl%3Den%26q%3Dwinscp3+calendar%26qt_s%3DSearch+Groups%26&_doneTitle=Back+to+Search&&d#98b963bafcdb968d Regards, Carlos
QA Contact: colint → sunbird
Reassigning all automatically assigned bugs from Mostafa to nobody@m.o Bugspam filter: TorontoMostafaMove
Assignee: mostafah → nobody
No longer blocks: 233996
Depends on: 39714
I think you could use some of the WinSCP or Filezilla code (both open-source) to implement FTP/SFTP/SCP. Not all webhosters offer secure FTP or Shell, so regular FTP support would be a must also. Without any of these protocols, I can't use Sunbird because: - I need to sync easily/fast my desktop and my laptop (different places) - I don't have caldav or ics at my webhoster When Sunbird has FTP, SFTP or SCP support, I'll drop Google Calendar.
Charles, as already said in the other bug, we already have ftp support. Use the ics provider, enter a Location like ftp://user@hostname.com/path/to/file.ics Note also, you can use the provider for google calendar to access your google calendar from sunbird/lightning.
Component: Sunbird Only → Internal Components
QA Contact: sunbird → base
Thanks Philipp.
Voting for WONTFIX! We will probably never have SFTP support in Mozilla core code which this feature in Calendar depends on.
Whiteboard: [needs decision]
I guess we can do so, since the dependent bug is also WONTFIX, but otoh I don't see any harm in leaving this bug open and idle until ietf/mozilla core do their part. I'd probably tag this bug extension fodder though.
Whiteboard: [needs decision]
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → WONTFIX
Summary: Implement support for secure transfer protocols (SFTP and/or SCP) → Implement support for secure transfer protocols (SFTP and/or SCP) [extension fodder]
Whiteboard: [extension fodder]
FTP is outdated and for good reason. What, you would publish over rcp, too? We use wi-fi in coffee shops, we can't just let everyone eavesdrop on our credentials. It's too bad that Mozilla can't or won't support SFTP, but okay. If you need a workaround for Composer or Calendar you can always use FUSE sshfs and just publish to your local filesystem. You may not be able to explain it to Grandma, but it will work.
I wonder if anyone will read this, but I just want to say what a short-sighted decision this is. I run a not-for-profit server for artists and musicians, and after a break-in that I believe very likely caused by ftp, I'm turning it off for good. I have been recommending SeaMonkey for my users for a long-time - when I turned off FTP I assumed that SeaMonkey would have *some* sort of secure copy mechanism - but no, apparently not (I hope I'm mistaken but it's not looking good). Even Yahoo doesn't support ftp any more. In 2013, if you have a web program that doesn't support secure protocols, you're sending a very clear message: THIS IS A TOY PROGRAM - DO NOT USE THIS FOR SERIOUS WORK. For the moment, I'm suggesting people use some other upload program, but I'm actively now looking to find some competing program that does support secure protocols. Oh, and the suggestion "use FUSE sshfs"? Really, you might as well tell people to write their own program. "You may not be able to explain it to Grandma" - actually, you won't be able to explain it to 99% of humanity.
I can't help but echo Tom's comment above: "I wonder if anyone will read this, but I just want to say what a short-sighted decision this is." And want to add that secure protocols have become the de facto standard - maybe for the wrong reasons - but still, the standard. I am an IT professional going back to the early days. I am often asked by novice users what tool should I use for a very simple web page. Composer works great for this. And if I can set up the basic web structure and publishing method, they are good to go for years. Unless Composer supports sftp, this is no longer possible. So, if you are going to support Composer in today's market, then sftp is essential. Like Tom, "I'm actively now looking to find some competing program that does support secure protocols."

Before recently, ISP's offered a choice between FTP and sFTP. Because of the new privacy regulations, which makes transferring personal data over insecure connections illegal, my ISP offers no choice any more but forces people to use sFTP. It says to "stop with unsecure FTP access. Update your FTP client settings to sFTP" from April 30th 2019 onwards. See https://www.dds.nl/helpdesk/ftp.php or the automated English translation at https://translate.google.com/translate?sl=nl&tl=en&u=https%3A%2F%2Fwww.dds.nl%2Fhelpdesk%2Fftp.php .

This means, I guess, that Composer cannot be used at this ISP any more for publishing, in one and a half month. But since the new privacy regulations apply all over Europe, it is a growing trend of switching to sFTP only at all ISP's in Europe. This means the end of Composer, if not Seamonkey, on this continent, which makes this bug critical.

Can sFTP in Core and in Composer be implemented on the short term?

Like banks allow online banking only with https:// and not with http://, ISP's are switching now to sftp:// from ftp://. Filezilla knows this protocol, see https://www.dds.nl/helpdesk/cat.php?cat=homepage&id=3 or the automated translation at https://translate.google.com/translate?sl=nl&tl=en&u=https%3A%2F%2Fwww.dds.nl%2Fhelpdesk%2Fcat.php%3Fcat%3Dhomepage%26id%3D3 . So the open source code from FileZilla can be used to implement sFTP.

Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
Severity: enhancement → critical
Component: Internal Components → Networking: FTP
Product: Calendar → Core
Summary: Implement support for secure transfer protocols (SFTP and/or SCP) [extension fodder] → Implement support for secure transfer protocols (SFTP and/or SCP)

Please don't move this around, there was already a decision to WONTFIX this bug and defer to an extension. It is definitely not a core bug. Core has decided not to implement this in bug 39714, if the conditions have changed please file a new bug.

Severity: critical → enhancement
Status: REOPENED → RESOLVED
Closed: 15 years ago6 years ago
Component: Networking: FTP → Internal Components
Product: Core → Calendar
Resolution: --- → WONTFIX
Summary: Implement support for secure transfer protocols (SFTP and/or SCP) → Implement support for secure transfer protocols (SFTP and/or SCP) [extension fodder]

Johannes Leushuis there are workarounds, you can use sshfs to mount a directory via sftp, or use an sftp client to transfer files when you're ready to publish.

Philipp Kewisch there is a big Publish button in Composer which can only use an insecure protocol. Publishing is core functionality. What if Mail could only use SMTP and not SMTPS? Would you rely on an extension to secure people's mail? No.

I use Composer every day. I believe it adds value to the suite to be a content creator instead of just a content consumer. What is the process for getting this reconsidered (after 17 years! people are still asking for it!) as a roadmap item?

As mentioned, please check the criteria in bug 39714 and file a new bug if it is met. If core supports these protocols via an URL handler, Lightning can make use of it as well.

You need to log in before you can comment on or make changes to this bug.