Old 12-05-2008, 11:41 PM   #115
Alan T
Quote:
Originally Posted by kq76
I think I may be able to create an FTP account for ourselves that accesses multiple folders. If I can, would this avoid the problem you spoke of? That, or I could put those two folders in a parent folder and just give the account access to it, right? If it is possible, are there any folders other than the exports and reports folders that I should give that account access to?

Owner team uploads go in the same FTP folder as the league file when you upload it. So, for security, you only need to give an FTP account access to that folder and make sure that directory is not viewable via HTTP, and you should be OK from the risk of someone placing an iframes exploit on your site.

The problem with this is you would be unable to upload web reports, as those go in other folders on your server, usually ones which obviously have HTTP enabled. So opening up the FTP account which the league file uses to be able to upload web reports also gives any potential hacker the access or ability to at least hit part of the website as well.

Two ways around this that I can think of:

1) Manually run the web reports from within OOTP and then manually upload them to your server outside of the game using an account that has permission to do so. This requires you to know the directory structure that the web reports get uploaded within.

2) Have two accounts for your league: one the general league upload/download FTP account that is normally in the game, and a second account used only for web reports. When you run the league file, get exports, imports, etc., you use the first account. Then, when it is time to upload web reports, switch the settings within the game to the second account/password on your system only, to upload the web reports from within the game to the server. Once done, make sure you change it back or you will not be able to import owner exports for the next sim.
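An added example, not part of the post above or of OOTP: a small check of the account layout described in the reply, which flags any FTP account whose credentials are handed out to owners if its root overlaps a directory served over HTTP. The paths, account names and the `distributed` set are constructed assumptions.

```python
import posixpath
from pathlib import PurePosixPath


def _norm(p):
    # Collapse "." and ".." so "/srv/www/x/../league" compares as "/srv/www/league".
    return PurePosixPath(posixpath.normpath(p))


def _within(path, root):
    # Component-wise containment; a plain string prefix test would wrongly
    # treat "/srv/www/league/reports-old" as inside "/srv/www/league/reports".
    return path == root or root in path.parents


def audit(accounts, web_roots, distributed):
    """Return (account, ftp_root, web_root, reason) for each risky overlap.

    accounts:    {account name: [FTP root directories it can write to]}
    web_roots:   directories the web server exposes over HTTP
    distributed: account names whose password is shared with league owners
    """
    findings = []
    for name, roots in accounts.items():
        if name not in distributed:
            continue  # a commissioner-only account is expected to reach web folders
        for r in roots:
            for w in web_roots:
                ftp, web = _norm(r), _norm(w)
                if _within(ftp, web):
                    findings.append((name, r, w, "uploads land in an HTTP-served directory"))
                elif _within(web, ftp):
                    findings.append((name, r, w, "account can write into an HTTP-served directory"))
    return findings


# Constructed layouts for illustration.
WEB_ROOTS = ["/srv/www/league/reports"]
# One shared account over a parent folder that holds both exports and reports.
PARENT_FOLDER = {"league": ["/srv/www/league"]}
# Option 2 from the reply: a shared league account plus a private reports account.
TWO_ACCOUNTS = {"league": ["/srv/ftp/league/exports"],
                "reports": ["/srv/www/league/reports"]}

if __name__ == "__main__":
    for layout in (PARENT_FOLDER, TWO_ACCOUNTS):
        print(audit(layout, WEB_ROOTS, distributed={"league"}) or "no overlap")
```
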