Preferred protocols to upload static files to your Apache server?
-
02-07-2019 - |
Question
If you were the administrator of an Apache web server, what protocol(s) would you prefer to provide, for the web developers to upload static files (html/gif/css/...), with the goal of maximum security ?
If you were the web developer/graphic designer, what protocols would you prefer to be available at the Apache server, to upload static files ?
Solution
SCP is what I'd go with.
You can even use Filezilla for it and pretend it's unsecure FTP: http://filezilla-project.org/
OTHER TIPS
SSH/SCP. It's simple, fast, free, and can be as secure as you want. Alternatives are FTP (hahahaha, yeah right) and POSTing files over HTTPS.
I give web developers instructions on using an sftp/scp client and a login shell using scponly. That way they get their access to upload files, but I have fewer concerns about them doing bad things to the webserver.
I use ssh config to limit users to sftp on a development server then use version control to review the changes and move them to production with got format-patch
We deploy using Capistrano, which afaik does all its work via git (over SSH) - at least, in our deploy script it is.