Our great sponsors
-
SFTPGo
Fully featured and highly configurable SFTP server with optional HTTP/S, FTP/S and WebDAV support - S3, Google Cloud Storage, Azure Blob
-
-
WorkOS
The modern identity platform for B2B SaaS. The APIs are flexible and easy-to-use, supporting authentication, user identity, and complex enterprise features like SSO and SCIM provisioning.
-
-
Filestash
🦄 A modern web client for SFTP, S3, FTP, WebDAV, Git, Minio, LDAP, CalDAV, CardDAV, Mysql, Backblaze, ...
-
FileRun-Vulnerabilities
FileRun application has many vulnerabilities such as cross-site scripting, open redirection, directory listing..
If you need multiple users that have their own space as well as shared space and you can't be asked to use the in-built openssh-server present on most distributions, use SFTPGo: https://github.com/drakkan/sftpgo
If you use docker there is also a container for running sftp with custom users (different than the system users). You obviously need to use a different port, but you really should never expose SSH on port 22 anyway these days, if for no other reason than your logs will fill with bruteforce login attempts.
Most file transfer protocols server implementation relies on the filesystem and have no dependency on heavy DB like mysql, postgres, .... It does work, it's all tradeoff pro and cons depending on the featureset you're trying to aim. I've spend an absurd amount of time digging through every possible protocol I could put my hands on while working on Filestash and after 5 years at this job I am now firmly in the camp of not using a DB for this kind of application when it comes to selfhosting
Did you fix vulnerabilities mentioned here? https://github.com/EmreOvunc/FileRun-Vulnerabilities