CrushFTP Server
Encyclopedia
CrushFTP is a proprietary multi-protocol, multi-platform file transfer server originally developed in 1999. CrushFTP is shareware
with a tiered pricing model. It is targeted at home users on up to enterprise users.
, SFTP
, HTTP, HTTPS
, WebDAV
and WebDAV SSL. Additionally, although not a protocol, it has both AJAX
/HTML5 and Java
applet web interfaces for end users to manage their files from a web browser
. CrushFTP uses a GUI
for administration, but also installs as a daemon
on Mac OS X
, Linux
, Unix
, and as a service in Windows
. It supports multihoming
, multiple websites with distinct branding, hot configuration changes, and GUI-based management of users and groups. Plugins are included for authentication against SQL
databases, LDAP, Active Directory
, and Mac OS X accounts (NetInfo
). All settings are stored in XML
files that can be edited directly, or with the CrushFTP GUI. If edited directly, CrushFTP will notice the modification timestamp change and load the settings immediately without needing a server restart.
CrushFTP 4 focused primarily on a cleaner interface and less confusing virtual file system. While it still seems to have some support for merging FTP sites with a local file system, the support seems limited. CrushFTP 4 includes all of CrushFTP3's features, along with more. The learning curve from CrushFTP 3 to 4 is not steep. Updates in version 4 include a full HTTP server as well as the other supported protocols. It continues with the tiered pricing model, with the unregistered shareware only allowing for five simultaneous users at a time. Recent updates started recognizing web browsers as being different than FTP connections where four web browsers connections only count as one user against the licensed limit.
(Other plugins are available but their purpose may be specific to certain scenarios: PreferencesController, DuplicateBlocker, ContentBlocker, FilterCommand, DotBIN, DebugOptions.)
non-reversible hash. SFTP uses SSH for encryption
, and FTPS uses SSL/TLS for encryption.
There have been no known, or published security vulnerabilities in CrushFTP 4. There have been no known, or published security vulnerabilities in CrushFTP 3. One published vulnerability was in CrushFTP 2.1.4 which had a patch released within a day.
Shareware
The term shareware is a proprietary software that is provided to users without payment on a trial basis and is often limited by any combination of functionality, availability, or convenience. Shareware is often offered as a download from an Internet website or as a compact disc included with a...
with a tiered pricing model. It is targeted at home users on up to enterprise users.
Features
CrushFTP supports the following protocols: FTP, FTPSFTPS
FTPS is an extension to the commonly used File Transfer Protocol that adds support for the Transport Layer Security and the Secure Sockets Layer cryptographic protocols....
, SFTP
SSH file transfer protocol
In computing, the SSH File Transfer Protocol is a network protocol that provides file access, file transfer, and file management functionality over any reliable data stream...
, HTTP, HTTPS
Https
Hypertext Transfer Protocol Secure is a combination of the Hypertext Transfer Protocol with SSL/TLS protocol to provide encrypted communication and secure identification of a network web server...
, WebDAV
WebDAV
Web-based Distributed Authoring and Versioning is a set of methods based on the Hypertext Transfer Protocol that facilitates collaboration between users in editing and managing documents and files stored on World Wide Web servers...
and WebDAV SSL. Additionally, although not a protocol, it has both AJAX
Ajax
- Mythology :* Ajax , son of Telamon, ruler of Salamis and a hero in the Trojan War, also known as "Ajax the Great"* Ajax the Lesser, son of Oileus, ruler of Locris and the leader of the Locrian contingent during the Trojan War.- People :...
/HTML5 and Java
Java
Java is an island of Indonesia. With a population of 135 million , it is the world's most populous island, and one of the most densely populated regions in the world. It is home to 60% of Indonesia's population. The Indonesian capital city, Jakarta, is in west Java...
applet web interfaces for end users to manage their files from a web browser
Web browser
A web browser is a software application for retrieving, presenting, and traversing information resources on the World Wide Web. An information resource is identified by a Uniform Resource Identifier and may be a web page, image, video, or other piece of content...
. CrushFTP uses a GUI
Gui
Gui or guee is a generic term to refer to grilled dishes in Korean cuisine. These most commonly have meat or fish as their primary ingredient, but may in some cases also comprise grilled vegetables or other vegetarian ingredients. The term derives from the verb, "gupda" in Korean, which literally...
for administration, but also installs as a daemon
Daemon (computing)
In Unix and other multitasking computer operating systems, a daemon is a computer program that runs as a background process, rather than being under the direct control of an interactive user...
on Mac OS X
Mac OS X
Mac OS X is a series of Unix-based operating systems and graphical user interfaces developed, marketed, and sold by Apple Inc. Since 2002, has been included with all new Macintosh computer systems...
, Linux
Linux
Linux is a Unix-like computer operating system assembled under the model of free and open source software development and distribution. The defining component of any Linux system is the Linux kernel, an operating system kernel first released October 5, 1991 by Linus Torvalds...
, Unix
Unix
Unix is a multitasking, multi-user computer operating system originally developed in 1969 by a group of AT&T employees at Bell Labs, including Ken Thompson, Dennis Ritchie, Brian Kernighan, Douglas McIlroy, and Joe Ossanna...
, and as a service in Windows
Microsoft Windows
Microsoft Windows is a series of operating systems produced by Microsoft.Microsoft introduced an operating environment named Windows on November 20, 1985 as an add-on to MS-DOS in response to the growing interest in graphical user interfaces . Microsoft Windows came to dominate the world's personal...
. It supports multihoming
Multihoming
Multihoming is a technique used to increase the reliability of the Internet connection for an IP network. As an adjective, it is typically used to describe a customer, rather than an Internet service provider network...
, multiple websites with distinct branding, hot configuration changes, and GUI-based management of users and groups. Plugins are included for authentication against SQL
SQL
SQL is a programming language designed for managing data in relational database management systems ....
databases, LDAP, Active Directory
Active Directory
Active Directory is a directory service created by Microsoft for Windows domain networks. It is included in most Windows Server operating systems. Server computers on which Active Directory is running are called domain controllers....
, and Mac OS X accounts (NetInfo
NetInfo
NetInfo is the system configuration database in NeXTSTEP and Mac OS X versions up through Mac OS X v10.4 "Tiger". NetInfo replaces most of the Unix system configuration files, though they are still present for running the machine in single user mode; most Unix APIs wrap around NetInfo instead...
). All settings are stored in XML
XML
Extensible Markup Language is a set of rules for encoding documents in machine-readable form. It is defined in the XML 1.0 Specification produced by the W3C, and several other related specifications, all gratis open standards....
files that can be edited directly, or with the CrushFTP GUI. If edited directly, CrushFTP will notice the modification timestamp change and load the settings immediately without needing a server restart.
History of CrushFTP
CrushFTP was first published publicly around 1999. Initial versions were FTP only. There were no connection restrictions in version 1.x. CrushFTP 2.x brought about virtual directories in a sense, while CrushFTP 3.x brought about a full virtual file system. It supported the ability to merge and mangle several file systems together regardless if they were from local folders, or another FTP site. It in a sense could even act as a proxy for other FTP servers. However the complications from all the potential issues that could go on from this was confusing. CrushFTP 3 also brought about tiered pricing and restricted the unregistered shareware version to just 5 users at a time.CrushFTP 4 focused primarily on a cleaner interface and less confusing virtual file system. While it still seems to have some support for merging FTP sites with a local file system, the support seems limited. CrushFTP 4 includes all of CrushFTP3's features, along with more. The learning curve from CrushFTP 3 to 4 is not steep. Updates in version 4 include a full HTTP server as well as the other supported protocols. It continues with the tiered pricing model, with the unregistered shareware only allowing for five simultaneous users at a time. Recent updates started recognizing web browsers as being different than FTP connections where four web browsers connections only count as one user against the licensed limit.
Features
- Event based actions to trigger emails.
- WebInterface allowing on the fly zipped uploads and downloads
- Drill down into folders on the WebInterface, delete, or rename all without page refreshes.
- Custom usage reports that can be run on demand, or scheduled.
- Live realtime GUI for monitoring active users, and their activity.
- Web server supports Server Side Includes, and virtual domains.
- Support for Adobe's PDF form posting/uploading.
- SQL integration to store users and permissions in SQL database tables.
- LDAP integration to authenticate against LDAP.
- Ability to launch custom shell scripts passing in the last file uploaded.
- Detailed logging and log rolling.
- Download and Upload queueing.
- Custom web upload forms for collecting additional information with file uploads.
- Bandwidth limiters.
- Internal statistic gathering.
- User and group inheritance on a per setting level.
- Max login time, idle time.
- Max upload, download, and minimum download speed.
- Quotas and ratios.
- Max download amount per session, day, or month.
- Auto account expirations.
- Restricted IP ranges for connections.
- Custom events including running a plugin or sending an email.
- Can be customized or localized into various languages. (GUI and WebInterface)
- Supports various encodings including UTF-8.
- Can do Virtual File System (VFS) linking to merge several file systems together in one.
- Supports FTP's MODE Z for compressed transfers.
Plugins
- AutoUnzip allows automatic zip file expansion when a zip is uploaded to the server.
- CrushImagePreview is a shareware plugin that allows for automatic image thumb-nailing and live hover over previews for the WebInterface.
- CrushLDAP authenticates against an LDAP server including support for Active Directory notations.
- CrushNoIP keeps a www.no-ip.com account in synch without a need for a separate stand alone client.
- CrushSQL authenticates against a SQL table.
- HomeDirectory generates home folders for users when they login. Saves a step during account creation.
- LaunchProcess allows for custom scripts or applications to be launched passing in as arguments the last file uploaded.
- MagicDirectory allows creating users by just making a folder. Non administrator type personnel can create users easily.
- OSXNetInfo authenticates against Mac OS X 10.3 and 10.4 NetInfo databases.
- WebStatistics gives an AJAX powered web page displaying live stats from the server.
(Other plugins are available but their purpose may be specific to certain scenarios: PreferencesController, DuplicateBlocker, ContentBlocker, FilterCommand, DotBIN, DebugOptions.)
Development
Development has been performed by the sole developer Ben Spink. Updates have been frequent with version 4, almost weekly at times. The feature set of version 4 continues to expand as the initial release was missing much of the functionality the current releases have.Authentication Options
- Built-in user database consisting of XML files describing the user and Virtual File System access.
- Active Directory
- LDAP
- SQL Tables
- HTTP Basic Authentication
- HTTP Form Based Authentication
Security
Encryption is supported for files "at rest" using AES-128, as well as for passwords using an MD5MD5
The MD5 Message-Digest Algorithm is a widely used cryptographic hash function that produces a 128-bit hash value. Specified in RFC 1321, MD5 has been employed in a wide variety of security applications, and is also commonly used to check data integrity...
non-reversible hash. SFTP uses SSH for encryption
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
, and FTPS uses SSL/TLS for encryption.
There have been no known, or published security vulnerabilities in CrushFTP 4. There have been no known, or published security vulnerabilities in CrushFTP 3. One published vulnerability was in CrushFTP 2.1.4 which had a patch released within a day.
See also
- Comparison of FTP server softwareComparison of FTP server softwareThe table below compares basic characteristics of notable FTP Servers. This list is not exhaustive.- See also :* List of FTP server software* File Transfer Protocol * FTP over SSL * FTP over SSH* SSH file transfer protocol...
- List of FTP server software
- List of SFTP server software