CKEditor 4
Sun, 08/11/2013 - 00:15
#1
HelveticusMaximus
HelveticusMaximus's picture
Joined: 10/08/2013
Posts: 5

Protecting with .htacess

Hi

I'm using the FCKEditor in phpList (not the CKEditor for not causing problems). Now I want to allow file upload in the FCKEditor described in the following two tutorials

http://www.dintillion.com/?p=77
http://www.electrictoolbox.com/fckeditor-php-enable-file-maneger-connector/

There it is written the following:

Unless your FCKEditor instance is protected via .htaccess with a username and password, by IP address or similar, you should normally never simply enable the connector as I have shown above, otherwise other people will be able to browse your server.

How can I protect FCKEditor with .htaccess? I want to use username and password.

Top
Sun, 08/11/2013 - 20:25
HelveticusMaximus
HelveticusMaximus's picture
Joined: 10/08/2013
Posts: 5

Does somebody know an answer?

Does somebody know an answer? It is pretty important to me.
 

Top
Mon, 08/12/2013 - 11:42
sebstefanov
sebstefanov's picture
Joined: 03/02/2012
Posts: 1329

All we can do at this point

All we can do at this point is suggest moving to a newer version of CKFinder/CKEditor. Our FCKeditor guides are here. In them we recommend using sessions instead of manipulating your .htacess. 

Customer and Community Manager, CKSource
Follow us on: Facebook, Twitter, LinkedIn

If you think you found a bug in CKEditorread this!

Top
Mon, 08/12/2013 - 17:17
HelveticusMaximus
HelveticusMaximus's picture
Joined: 10/08/2013
Posts: 5

I think a newer version does

I think a newer version does not work with phpList.

Do you recommend manipulating the .htacess with the new version?

In the guide you linked I found only the following about sessions.

In the connector configuration file (editor/filemanger/connectors/php/config.php) set $Config['Enabled'] to true.
NOTE: this is highly insecure unless you have protected the access to this directory with some kind of authentication. You can use session variables to avoid this problem.

How can I use sessions to secure it?

Top
Tue, 08/13/2013 - 13:32
sebstefanov
sebstefanov's picture
Joined: 03/02/2012
Posts: 1329

Sessions use your site's user

Sessions use your site's user roles. So an admin will have access to certain files/folders, regular users to other files/folders, etc., depending on how your site's users are defined and how you set it up. A newer version would imply using CKFinder since CKEditor doesn't come with a file browser. Don't be afraid to download CKFinder and experimenting with it! 

Customer and Community Manager, CKSource
Follow us on: Facebook, Twitter, LinkedIn

If you think you found a bug in CKEditorread this!

Top
Tue, 08/13/2013 - 13:32
sebstefanov
sebstefanov's picture
Joined: 03/02/2012
Posts: 1329

Sessions use your site's user

Sessions use your site's user roles. So an admin will have access to certain files/folders, regular users to other files/folders, etc., depending on how your site's users are defined and how you set it up. A newer version would imply using CKFinder since CKEditor doesn't come with a file browser. Don't be afraid to download CKFinder and experimenting with it! 

Customer and Community Manager, CKSource
Follow us on: Facebook, Twitter, LinkedIn

If you think you found a bug in CKEditorread this!

Top
Thu, 08/15/2013 - 11:30
HelveticusMaximus
HelveticusMaximus's picture
Joined: 10/08/2013
Posts: 5

Do I have to protect the

Do I have to protect the whole FCKEditor folder or only some part of it? I want to use the FCKEditor in phpList and phpList uses a web interface, so it should be somehow accesible. I just want that other people are not able to browse my server through FCKEditor.

Top
Twitter Facebook Facebook Instagram Medium Linkedin GitHub Arrow down Phone Menu Close icon Check