FTP with password protection


I have a prospect who would like me to price out FTP with password protection. This is a publisher of a periodical that has many advertisers. Ultimately, they would like to be able to have an area on the site that is password protected where they can upload art and graphics and download tearsheets and proofs. I’m assuming they would like to set up an area and password for each individual advertiser. I’m also wondering too about giving the advertisers the capability to browse on their local drive to select a file to be uploaded.

Does anyone know how this can be done?


White Ash

Most printers I’ve worked with have a single generic FTP user set up and clients dump their print jobs there using descriptive filenames. That would be the easiest route.

If you’re wanting an “browser interface” instead of FTP you’d have lot’s of different options but when it comes down to it you’re not goign to be able to use PHP uploading unless you can live with the 7 or 8MB filesize cap for that method.

I’d stick with the single ftp user, it’s seems pretty standard convention these days and most people know how to use an FTP client to up/down files, and if they don’t you can normally just send them a clickable link containing the host/user/pass info to launch an IE/FTP browser session, provided that IE is their default browser, dunno much about the ftp functionality of other browsers.


The other option you have is to have a CGI (perl) script to upload / download files.

It is not limited to the 7MB PHP limit and you can find many many freely available scripts to do this or write / modify your own.

I run just such a script to allow for Everquest Guild Killing Movies to be hosted on my sites and those movies are generally between 20-35mb.

You just structure your site in such a way that the movies are uploaded into an area that is outside of the web server path, thus further protecting your site from any harm.


Thanks for your awesome reply.

I know how to set a password on a directory, and I know how to set up a user. However, I don’t know how to mesh the two. And I don’t have an ftp client (I use Dreamweaver to publish my websites) per se to test stuff out, and I can’t figure that out in Windows (there used to be a little program in the bundle for ftp’ing). I also know that it is important to get the folder outside of the root to keep the website files secure.

Since I have so many questions, I’m wondering if I can hire you or someone at Dreamhost to walk me through how to do all this.

Thanks for your knowledge!

White Ash

Can you explain in a little more detail exactly what you’re after? You sound like you want to give every user their own directory and login credentials? For that you’d want the web app, probably done in Perl as suggested by ozgreg (try here: http://www.hotscripts.com/CGI_and_Perl/Scripts_and_Programs/File_Manipulation/Upload_Systems/index.html)

If you want to create a simple ftp user directory, just set up a new user with a generic username and password that you can give out to everyone. When you set up the new user they will not be in your webroot so there’s no real concern there (just remember to clean it up now and then).

I like the FTP method, most people know how to get that done, esp people that work in the graphic design and/or web services industry. If they have any trouble you can just mail them a link along the lines of: ftp://username:password@yourdomain.com/ and that should help such folks by launching their default ftp client that they can drag and drop files into.

Do feel free to holler if you need some personal attention and I’ll be happy to chat with you.


Hi jason ~ again thanks for your most excellent response.

Originally I was interested in creating password protected directories for ftp’ing files for each individual advertiser.

Now that I read your first post, I think I’m fine with the print industry’s convention of a single generic FTP user set up. If it’s good enough for them, it’s good enough for me. Hey, and I like easy!

Okay, so I have (in a test for myself on my own website) set up an account with username and password and used your magic URL (thanks for that! Never knew about that before).

Now what I’m noticing is that I’m able to see all the files in the account. So either we would have to set up password protected folders for each advertiser - or - my client would have to be diligent about removing files that are out there. Or, I don’t know if there is a way to make it so that people can only upload and not browse / download / delete files. My reasoning here is that I don’t think my client would want competing advertisers accessing each others artwork ~ could get ugly! Let me know if I’m on the right track here, or if there is a better way.

Oh my gosh, once I got to the ftp window, I couldn’t believe how I could just drag a file over from my folders and it uploaded automatically! No wonder there’s no special ftp program in the Windows bundle like there used to be ~ it’s just so easy! Like that!

Also, I’m curious about the /logs and /Maildir folders that automatically get created for the account. Is it okay to remove them?

Thank you so much for your time and expertise!

White Ash

ouch, I know you can restrict permissions and directories if you have anonymous ftp available, do you have that on your plan? If not then I’m not sure if the normal ftp thing will work without getting into an ugly mess of nested users, something you try to avoid at all costs in my opinion =)

Sorry I didn’t even think of that when I was throwing out that advice.

I did however test a Perl script on a whim yesterday or the day before and found it to work quite well, I uploaded a 60MB zipped Illustrator file and it went off without a hitch. It even makes directoies, users and passes and the users are restricted to a directory according to the information in a flatfile that provides thier upload path. The only drawback to the script that I found from a useability standpoint was the mechanism that creates the data rows for the flat files does not write them to the fle, you have to do that manually but that’d be an easy modification to automate that I’d think.

There’s some Perl mongers in these here forums, I might expect one along at any moment… if not, let me know and I can cobble a solution for you if you decide to go that route.


Letterman EDIT: Ripping an “M” from his chest, Letterman replaces the G in GB, thus changing them from gigabytes to megabytes, saving jason’s overage fees for the month! (thank you Letterman - Jason)

This Perl script sounds very promising. Cool that you could upload such a big file!

I can wait on the script ~ not pressing as the proposal went out, and I suspect there will be some lag time before we actually get started and up and running.

Thank you jason!