0

I have a small function that uploads and download through c# WebClient. I just want to make sure if this is the correct way of doing it without breaking any security rules. This currently work for my application but i am just wondering is the way im doing it is right?

WebClient client = new WebClient();
client.Proxy = new WebProxy();                
client.Credentials = new System.Net.NetworkCredential(_username, _password);
client.BaseAddress = _URLPath; //  ftp://10.10.10.10/
client.UploadFile(_filePath.Substring(_filePath.LastIndexOf("\\") + 1), _filePath); //filePath = C:\\text.bak
client.DownloadFile(myFile, myFile); //Download myFile = "text.txt"
client.Dispose();

Basically the application uploads a file called "text.bak" from my C:\ and the server right away generates a text file from that called "text.txt" and i download it right away.

Am i leaking any security issues? Thanks

civic.sir
  • 400
  • 1
  • 9
  • 26
  • Note that it is not possible to provide guidance without knowing what "security rules" your organization have for particular type of information you are sending up/down. – Alexei Levenkov Sep 12 '14 at 17:16
  • Well im just wondering if i connected to the FTP server correctly? .. The part where it's client.UploadFile and .DownloadFile seems a little wrong to me. Can you verify if the code is correct.. Even though it works – civic.sir Sep 15 '14 at 13:52
  • No I can't verify if your code is correct - look ok to me, but that's it. Note that since FTP does not support responses to upload (unlike HTTPs POST/PUT) you have to rely on luck to get response related to your upload and not someone else. – Alexei Levenkov Sep 15 '14 at 14:19
  • You are welcome. For future questions please try to use words that reflect you need - "security" (see [Information Security](http://en.wikipedia.org/wiki/Information_security) ) and "correctness" are very different concepts. Program may be *correct* (doing what you want, like save password in text file) but not *secure* - (not following any security guidelines, like don't store plain text passwords). – Alexei Levenkov Sep 15 '14 at 14:39

0 Answers0