broadband or webhost?

  • Thread starter Thread starter dobro
  • Start date Start date
dobro

dobro

Well-known member
I tried this out in a thread here, but it went nowhere. Time to start a thread.

I contacted a webhost called php yesterday, and asked about mp3 storage and transfer and passwords and stuff. Here's what they said: "You can password protect parts of your site with .htaccess. We do ask all our users to stay under ten gig/month transfer."

What's .htaccess? They charge about ten dollars a month - that's reasonable, right? Also, ten gigs transfer a month is pretty big, right? Anybody used them?

This seems like a better way to handle file transfer online than the broadband-file-transfer-via-chat-software option, if only because I can work with *anybody* and not just people who have broadband. And of course, a webhosted site is cheaper for me too.

Any thoughts on this?
 
I'm a big fan of FTP, since I have lots of space to use if I need it and anyone can connect from anywhere. There are even utilities out there that will let you break up a download for those on dial-up. I don't know what .htaccess is, but $10 a month for 10 GB of transfer doesn't sound bad to me. 10 GB is alot of audio files. :D
 
I did a couple of ftp things once - it was slower than downloading an mp3, I recall. Is that standard?
 
It depends on where the FTP is hosted and of course how many crappy servers there are between you and the FTP server. Ours is all on cable connection, not the best for uploads, but I'm in the same building as the server so I can direct connect. The downloads are regular cable modem speed though.
 
Ask them if it's 10Gb (gigabit) a month or 10GB (gigabyte) a month, there is a MASSIVE difference. And GET IT IN WRITING!

FTP is INHERENTLY slower than HTTP transfer, but is also inherently resumeable with a proper download application. The typical ftpd software will limit connection speeds to half of what a typical httpd will run. 'Anyone can connect from anywhere', untrue, alot of companies block port 21, which is the standard port for FTP, some ISP's as well, to prevent you from running an ftpd. The user must also either have a browser that supports FTP, or an FTP application. Some FTP servers are NOT anonymous, so you have to provide your username and password in the connect URL, allowing ANYONE to upload and delete or modify anything you've uploaded!

dobro, if it's $1/Gb/Month, you are paying $8/GB/Month. That is NOT cheap.

P.S.> 1GB of transfer is roughly 204 downloads of one 5MB mp3. 1Gb of transfer is roughly 25 downloads of one 5MB mp3.

W.
 
Thanks Waldo, that explains FTP pretty well. I usually don't consider it since we host our own and mange the security. :)
 
.htaccess is a standard method of protecting downloads from a server (allows you to modify the servers settings for directories, or seperate user accounts). By simply creating an .htaccess file, and a .htpasswd file in a directory, you can specify certain files that are not allowed downloads unless a person authenticates themselves first.

Here is a simple tutorial for a *nix based server:

http://faq.clever.net/htaccess.htm

Some Microsoft based servers allow .htaccess overrides as well, however the process can be different. Most of the time, you need to manually create the files, as there is no utilities provided on standard IIS to create them.

W.
 
First off, FTP is not inherently slower than HTTP. It's all dependent on how each service is configured. All conditions being equal, FTP and HTTP will be the same.

There are a ton of sources on the net that will tell you what .htaccess is and how to use it, but to configure it to password protect a directory is rather simple...

An .htaccess file is just a text file containing instructions on what to do with that directory. To password protect it, you would create the .htaccess file in said directory like this example...

--
AuthUserFile /raid/0/web/http/pw/6/40/www.hoppehome.com/.passwd
AuthGroupFile /dev/null
AuthName ByPassword
AuthType Basic

<Limit GET>
require user hrdotcom
</Limit>
--

The AuthUserFile refers to where the password file is located and what it's name is. You then need to create the password file (.htpasswd or whatever you want to call it) in the directory you've specified...in this case it's " /raid/0/web/http/pw/6/40/www.hoppehome.com/".

You would then use this command to create the file from a telnet or ssh connection to your server (in the directory above):

htpasswd -c .passwd hrdotcom

This will create the file named ".passwd" with a username of "hrdotcom", and then prompt you for a password for that username (which get encrypted, BTW).

To see this in action, just go to the URL below, and use the user/pass provided.

Username: hrdotcom
Password: test

http://www.hoppehome.com/test/


.htaccess can do a lot more than just password protect directories, so do a search on the web for more info.

Sorry for the lengthy post...

L8R...
 
FTP IS inherently slower due to it's protocol.

In HTTP, a simple GET request can be sent to request a file, no authentication, etc.

In FTP, you must first authenticate (even with anonymous login) by sending a username/password combination (via. USER and PASS), you must then CWD to the proper directory, PWD to ensure that the server placed you in the proper directory, select the file and method of transfer, and then tell the transfer to begin. Whilst this may be handled entirely by the application by parsing a URI, it still is more data being sent back and forth, and more operations. Therefor, the method is inherently slower!

W.
 
P.S. LooneTunez> You forgot to Limit the POST method, therefor your example is easily by-passable. It's also better to use the valid-user keyword to allow all users in the htpasswd file access.

Most webhosts rarely allow .htaccess to override anything more than authentication.

W.
 
Realize that downloading via HTTP also requires some things to happen in the background as well, like getting through the headers, and sending commands to your browser to ask it to download. HTTP also has higher load averages on the server, and the server is also busy serving it's hosted content (HTML, graphics, SSI, CGI, etc) to multiple users. FTP on the other hand was designed to transfer files (Hence the name File Transfer Protocol), and is much more efficient in doing so...because that's all it does...

Not looking for an arguement, just stating some facts. :)
 
P.S. LooneTunez> You forgot to Limit the POST method, therefor your example is easily by-passable. It's also better to use the valid-user keyword to allow all users in the htpasswd file access.
Click to expand...

Not sure what you mean here, because to my knowledge there would be no way to bypass the limits that were set in this example. As in, unless you have the correct user/pass, you won't gain access...

Also we could go into user groups as well, but I just picked an example with a single user for simplicity.

Most webhosts rarely allow .htaccess to override anything more than authentication.
Click to expand...

Webhosts will set limits as to what the end user can do with .htaccess, but it's usually more than just authentication...for example, you can define the default (start) page with .htaccess as well...or none if you just wanted it to list the files in the directory.
 
Here is a header to retrieve an MP3 file from a HTTP server:

GET /whateverdir/themp3.mp3 HTTP/1.1
Host: whateverhostname.com

The server then returns a header if the file is found:

HTTP/1.1 200 OK

The rest of the return is the actual mp3 data. And we are done.

For FTP, same file, first has to connect, once connected, server returns:

220 whateverhostname.com FTP server ready.

The application the has to send a username, lets assume anonymous:

USER anonymous

The server will then return a code, lets say 331

331 Password required for admin

The application gets the code and determines what to do, default is to send the password, in most anonymous cases, an email address

PASS me@there.com

The server then returns a code to say if the login is successful.

230 User anonymous logged in.

Now, the application needs to know what directory and host type we are dealing with, so that it knows what commands work, and which ones don't. So, it sends:

PWD

Which returns

257 "/" is current directory.

Now, host types rarely can be autodetected, but can be in the MOTD of the server, if it exists. Now, we have to know what ports to talk to eachother, so we have to send a port command with our IP in it, and the ports we wish to use. A note, for most FTP servers, we will have to do such a port command after every command that sends back data from the server. For this example, I won't include them, as it would only double the amount of typing I have to do to prove the point. Just double every command from here on in, and you'll get the idea.

PORT 55.33.22.11,12,249

The server will then return a code, in this case, let's assume it worked.

200 PORT command successful.

Now, we have to change to the right directory, so we do a:

CWD whateverdir

Server will return if it worked:

250 CWD command successful.

Lets confirm we're in the right directory now. Lets send:

PWD

Server will now return:

257 "/users" is current directory.

Okay, so now lets download the file. Your machine has to know if it's a binary or ascii file, but most applications will default to binary if it doesn't know what the file extension is. However, some will default to ascii. If the file is not transfered in the proper method, it will be horribly damaged, as every CR character will be converted to CRLF. We know it's binary, so I'll show that in the example. First we set the binary mode:

TYPE I

Server should respond:

200 Type set to I.

We now send a port command to ensure that the file gets sent to us.

PORT 55.33.22.11,13,36

Server should now respond:

200 PORT command successful.

Now we actually request the file:

RETR themp3.mp3

Server should respond:

150 Opening BINARY mode data connection for themp3.mp3 (size bytes).

And the data that follows should be the mp3.

We then wait for a :

226 Transfer complete.

And then log off of the server. (We could leave the connection open, but that is unethical, and very very few applications allow it)

QUIT

And wait for a:

221 Goodbye.



So, sure, you can say that HTTP has to send headers too, but it is WAY LESS OVERHEAD than FTP, and thus is inherently faster to download.

FTP is called 'File Transfer Protocol' sure, but was designed for SENDING, RECIEVING, and MANAGING files, and is robust for managing files on a multi-directory structure. HTTP is ONE WAY and designed specifically for SENDING data to a client, and thus is way more efficient at it.

W.
 
Looneytunez>

HTTP has two main request header types, GET and POST.

You have stated that only requests using the GET method will be asked a password. So, all I have to do is retrieve the document using the POST method, and walla! I have access.

.htaccess CAN allow you to override every single setting in the httpd.conf file, or access.conf file, HOWEVER, very rarely is it allowed for anything other than authentication.

To correct your simple mistake in your .htaccess example, change your limit tags to include the POST method. ie:

<Limit GET POST>
require user hrdotcom
</Limit>

I suggest you do some RFC reading on internet communication, and security standards ;)

W.
 
I will agree that you make a pretty good arguement W, as there are a lot more commands to FTP than getting a single file via HTTP, but I'm sure you will agree that for all intents and purposes, all of this stuff happens pretty fast, and overall probably makes no difference to the end user downloading the files.

Yes?
 
5k of overhead per file is still 5k of overhead per file. Makes little difference this day and age for a single transfer of a single file, but load on the server, the lines, the bandwidth, and the client, is increased per each download, this adds up, and thus will always be less efficient than using an HTTP server for downloads.

A typical ftpd also has bandwidth throttling in place by default, vs. an httpd which does not, so the actual transfer speed is limitted to a specific rate. If you have full access to the conf files on the ftpd, you can make modifications to raise these caps, but on the majority of hosts, you do not have this ability. Overall, HTTP type transfers is the best choice, and that was the question posed here, thus was my answer.

W.
 
I like eggs...mostly I like 'em scrambled, but I'll take 'em fried too.


Yep...eggs rock.

(this whole thing was getting a little too "X's" and "O's" for a dimwit like me, so I just wanted to give others the opportunity to comment on food items, if they so desire. I certainly mean no disrespect to either of the two knowledgeable folks who AREN'T writing about eggs here.)

It's just that...well, I like eggs.

ROCK-N-ROLL WILL NEVER DIE!!!
-Mr. Egg For Brains
 
Funny you mentioned eggs man, lol, I was thinking eggs as soon as the convo started ;)

Damnit, now I'm hungry!

W.
 
You must log in or register to reply here.
Back
Top