"All providers configuration is stored in the configuration files. It is not allowed to define provider's configuration in the markup of the control or through the code behind. This is because the configuration contains sensitive data (access key, secret key and etc.). "
Who thought this one up.. it makes the control totally useless..
Stop reinventing the wheel, just copy what other have worked out over many year this control is NOT new..
See several others, the best is DirectAmazonUploader ..
Take a look
http://flajaxian.com/flajaxian.com/DirectAmazonUploader1.0Help.html
*****ABSOLUTE MUST****
The bucket, and access account MUST be dynamic configurable..
Please fix major design defect..
5 Answers, 1 is accepted
0
Hi Ray,
I have noticed that you opened a few posts for RadCloudUpload, which are related and addresses the control's configuring. This control is still pretty new and we are happy to receive all kind of feedback for it, be it positive or
negative. That's why your opinion is valuable for us. It will help us to make the control better than our competitors.
I have download and tested the pointed control. It has a different design compared to the RadCloudUpload. The last uses handler to upload files into the Storage Providers. That's why if the credentials are stored in properties, they should passed between server -> client -> handler. It is possible to encrypt this data and pass it, but we think that it is better if the handler read those keys directly from the web.config.
Using an upload handler gives us a big flexibility. Compared to DirectAmazonUploader, RadCloudUpload uploads files asynchronously without any postbacks. And probably most important RadCloudUpload support chunking uploading, while the DirectAmazonUploader submits the file with the form.
As I tested it, it seems that the DirectAmazonUploader requires to upload public-readable crossdomain.xml file for every bucket to use the flash progress, which doesn't look like very flexible.
The RadCloudUpload allows you to define a custom handler, where you could dynamically change the name of the uploaded file or folder:
Regards,
Hristo Valyavicharski
Telerik
I have noticed that you opened a few posts for RadCloudUpload, which are related and addresses the control's configuring. This control is still pretty new and we are happy to receive all kind of feedback for it, be it positive or
negative. That's why your opinion is valuable for us. It will help us to make the control better than our competitors.
I have download and tested the pointed control. It has a different design compared to the RadCloudUpload. The last uses handler to upload files into the Storage Providers. That's why if the credentials are stored in properties, they should passed between server -> client -> handler. It is possible to encrypt this data and pass it, but we think that it is better if the handler read those keys directly from the web.config.
Using an upload handler gives us a big flexibility. Compared to DirectAmazonUploader, RadCloudUpload uploads files asynchronously without any postbacks. And probably most important RadCloudUpload support chunking uploading, while the DirectAmazonUploader submits the file with the form.
As I tested it, it seems that the DirectAmazonUploader requires to upload public-readable crossdomain.xml file for every bucket to use the flash progress, which doesn't look like very flexible.
The RadCloudUpload allows you to define a custom handler, where you could dynamically change the name of the uploaded file or folder:
<%@ WebHandler Language="C#" Class="UploadToCarsFolderHandler" %>using System;using System.Web;public class UploadToCarsFolderHandler : Telerik.Web.UI.CloudUploadHandler { public override void SetKeyName(object sender, Telerik.Web.UI.CloudUpload.SetKeyNameEventArgs e) { var carsFolder = HttpContext.Current.User.Identity.Name + "/"; e.KeyName = string.Format("{0}{1}_{2}", carsFolder, Guid.NewGuid(), e.OriginalFileName); }}</telerik:RadScriptManager><telerik:RadCloudUpload runat="server" ProviderType="Azure" HttpHandlerUrl="~/UploadToCarsFolderHandler.ashx">Regards,
Hristo Valyavicharski
Telerik
If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to the blog feed now.
0
Ray
Top achievements
Rank 1
Rank 1
answered on 29 Nov 2013, 11:28 PM
"but we think that it is better if the handler read those keys directly from the web.config."
WRONG.. this is NOT your call, the users have decided, this control ( FREE), has ben in use for over 5 years..
Please just follow industry best practice, and listen to your paying users..
If you could use any of the three AWS credebntials in your handler fine, but you can use Zero..
Please fix..
WRONG.. this is NOT your call, the users have decided, this control ( FREE), has ben in use for over 5 years..
Please just follow industry best practice, and listen to your paying users..
If you could use any of the three AWS credebntials in your handler fine, but you can use Zero..
Please fix..
0
Ray
Top achievements
Rank 1
Rank 1
answered on 29 Nov 2013, 11:39 PM
Not looking for a comparision with DirectAmazonUploader, it is simply the bench mark, way ahead of where youa re at..
So knocking it is a waiste of resources, it simply works and is FREE..
The issues are nothign like you suggets, its well designed and is based upon what users want... the issue is it uses flash,a nd was looking at a html5 solution..
So take a control that has been in use fotr over 5 years and dont try and be "tooo" smart, just basic stuff will work fine..
So knocking it is a waiste of resources, it simply works and is FREE..
The issues are nothign like you suggets, its well designed and is based upon what users want... the issue is it uses flash,a nd was looking at a html5 solution..
So take a control that has been in use fotr over 5 years and dont try and be "tooo" smart, just basic stuff will work fine..
0
Ray
Top achievements
Rank 1
Rank 1
answered on 29 Nov 2013, 11:42 PM
Telerik..
Simply let me know if this bug fix will take 5 years like the last few defects to fix ( see numeric multiplier and many others), if so, will fix myself, and not waiste your time any further..
The fix is trivial, I have identified where the fix goes into your code, just a couple of lines..
Not interested in academic debates about right/wrong, just best practice solutions which work today, not in 5 years time..
Simply let me know if this bug fix will take 5 years like the last few defects to fix ( see numeric multiplier and many others), if so, will fix myself, and not waiste your time any further..
The fix is trivial, I have identified where the fix goes into your code, just a couple of lines..
Not interested in academic debates about right/wrong, just best practice solutions which work today, not in 5 years time..
0
Hello Ray,
Our CloudUpload control uses a separate handler to upload files in chunks.
This is a feature that is not available in the other amazon upload control you are referring to. This handler is what allows us to drop the flash progress indicator.
This, however, requires that we pass the configuration keys to that handler's URL. Even if they are encrypted there is always a risk that an attacker will be able to break this encryption.
We have received a lot of requests to ensure our controls are secure and do not expose private information, which is why we have chosen to keep these keys as private as possible - i.e., available only on the server.
We are logging your request to make them available as properties that will travel with the page's ViewState, and you can follow it here.
With Q1 2014 we aim to offer the ability to use custom providers that can load their keys as the developer chooses - from a database, from server cache, hardcoded in each provider so different pages can use identical providers with different keys, etc.
Regards,
Marin Bratanov
Telerik
Our CloudUpload control uses a separate handler to upload files in chunks.
This is a feature that is not available in the other amazon upload control you are referring to. This handler is what allows us to drop the flash progress indicator.
This, however, requires that we pass the configuration keys to that handler's URL. Even if they are encrypted there is always a risk that an attacker will be able to break this encryption.
We have received a lot of requests to ensure our controls are secure and do not expose private information, which is why we have chosen to keep these keys as private as possible - i.e., available only on the server.
We are logging your request to make them available as properties that will travel with the page's ViewState, and you can follow it here.
With Q1 2014 we aim to offer the ability to use custom providers that can load their keys as the developer chooses - from a database, from server cache, hardcoded in each provider so different pages can use identical providers with different keys, etc.
Regards,
Marin Bratanov
Telerik
If you want to get updates on new releases, tips and tricks and sneak peeks at our product labs directly from the developers working on the RadControls for ASP.NET AJAX, subscribe to the blog feed now.