Search

GlobalSCAPE Knowledge Base

MTC Quick Facts

EFT

MTC Facts

Overview

o   MTC is a native app (not HTML5 or hybrid)

§  HTML5 too limiting, especially on iOS

o   iOS 6 and above

o   Android 2.3.3 (Gingerbread) and above

o   iOS 7.0.4 fully tested

o   Android 4.4.2 fully tested

o   Multiple resolutions (phone, phablet, tablet)

o   Free on app store

o   Paid module in EFT

§  T1 < 100 = $999

§  T2 100-245 = $1995

§  T3 250-499 = $2995

§  T4 500+= call sales

o   Requires EFT 6.5.16 and above (base or enterprise)

o   EFT does not track or distinguish between mobile or other clients

o   Complies with US export regulations (ERN R106460)

o   iOS EULA on app store

o   Android EULA in-app

 Networking Related

o   HTTPS using SSL/TLS

§  Leverages session reuse (session caching)

§  Secure Transport (iOS), NSS (Android)

o   Basic auth instead of form based auth

§  No concept of “Logout”

o   IPv6 support

§  Some shorthand support (RFC5952)

o   UTF-8 encoding of Unicode throughout

o   IDN support using Punycode

o   Non-default ports supported

§  If none supplied then uses 443

o   Cert accept once/always/decline/auto (CA signed)

§  Accept once means accept through that application lifecycle/session

§  Future version will allow user to view cert details

o   MTC supports the concept of “offline” mode, with limited capabilities:

§  CANNOT: Download, Upload, Create Folder, Delete

§  CANNOT: Navigate into folders that weren’t previously cached

§  CANNOT: Perform any operation on non-cached files

§  CAN: Preview, Open In, and Share cached (previously downloaded) files

§  CAN: View current folder cached listing

§  CAN: Navigate into sub-folders with previously cached listings

User Account (Profile) Provisioning

·         MTC has “Profiles”. Each profile is an account on an EFT Site

o   You can have up to 50 profiles

o   User can type in host, user, pass (optional), and a profile name (optional)

o   Some field validation occurs client side (e.g. max length)

·         Host (URL) format: https://user:pass@host:port

o   A password is not required (will prompt when needed)

o   Some grace over URL formatting

o   IP addresses (including IPv6) are permitted

·         EFT can generate a “single-click” link to easily provision a new profile in MTC

o   Single click link format: mtcapp://[followed by base64 encoded URL]

o   Decoding the URL will reveal the password

o   Future versions will encrypt and encode (shared private key between mobile and server)

·         The MTC link is sent along with users credentials on new account creation or password change

o   Users click (tap) link in email or paste into host field

o   Android quirks: sometimes require user tap on the alternate link

§  The alternate link uses http: instead of mtcapp:

o   When provisioned with the single-click link MTC will create the profile and “connect”

o   There are a number of logic paths for handling matching values when clicking on the link

·         Account deprecation – as normal. There is no remote wipe; but there is a workaround:

o   Remove user’s files from his home folder and allow him to connect

o   This will sync the empty remote list wiping out this local cache (if any) for that profile

 

Connect Logic

·         Every connection is stateless (does not persist a session; re-auth on each request)

·         When user taps on a profile MTC will:

o   Request server’s Security Policies (see below)

o   Request customer branded logo icon (see next)

o   Request JSON listing for current folder

·         Custom branded logo 200x200 icon.png in /wtc path

o   Larger squares downsized, others discarded, ignore if missing, use last or default

o   No max imposed, byte size note checked, no check if valid PNG!

·         When user taps on a directory (sub-folder) a request is sent for the JSON listing only

·         When a user taps on a file to download or uploads a file, MTC will

o   Perform a HEAD request to determine file existence and CRC value

o   Request the server’s Security Policies (see below)

o   Get or Put the file

·         On app launch MTC will “connect” to the selected or last connected to profile

·         On subsequent launches MTC will auto-connect to last connected to profile

·         Connecting to an alternate profile aborts any ongoing transfers

·         If auth fails user will be prompted for their password

o   Correct pass (if supplied) will replace a bad password in the profile

·         If required user will be prompted to change their password

·         Users can locate a lost username or password

·         Users cannot change their password once connected

·         Users can change their password on initial connect if server requires

More on passwords in Password section          


Directory Listing

·         Is a representation of the remote file system

·         There is no concept of a local listing

o   Because iOS doesn’t have a “file system”

o   Android does but we access it in different ways (see Uploads, Android Edit)

·         File types are represented by various types of icons (image, video, document, etc.)

·         Files with a tiny cloud icon represent files on the remote server that have not been downloaded

·         MTC stores directory listings in its internal database called a ‘cache’

·         Directory listing refresh is automatic the first time you visit a folder in the current profile session

·         Users can also manually refresh a listing (pull to refresh)

·         All refresh operations are synchronous (blocking)

o   Refresh timeouts if ~10 seconds and no response from server

§  Excludes processing time to synchronize the listing with its internal cache

·         File uploads, renames, deletes, etc. update the listing inline, but is not a true refresh

·         A refresh may reveal new items or remove items that are no longer reflected on the server

·         Listing is cached and can be displayed if no network or not connected

·         Sorting is alphanumeric in ascending order, folders first then files

o   Except in-progress transfers which are placed on top

·         Listings have been tested up to 10K items

·         MTC allows multi-select of files but not folders (see Upload/Download section)

 

File Storage

·         Profile Cache

o   Files downloaded are stored in a local profile “cache” that can only be accessed by MTC

§  In iOS this means the file is contained with the MTC app ‘sandbox’

§  In Android it is stored in a private internal partition of the internal SD card

·         Rooted device only workaround to access files directly

o   Even if you can no longer go online you can still access your cached files

§  But only for Preview, Open In, and Share operations

o   Cache is volatile because the remote is master:

§  Any operation on a cached file first checks to see if it is stale

§  If stale a newer version is downloaded, otherwise operation proceeds

§  Stale/fresh is checked using CRC integrity checking

§  If remote file has been deleted and you try to access its previously cached counterpart, the operation will alert you and will fail

·         Vault Cache

o   Offline Vault is for outside of profile, across multiple profiles

o   Files are copies of the originals if file was in cache when added to vault

§  Otherwise downloads copy straight from server to vault

o   Offline Vault is also used for staging uploads

§  Can also be used for site-to-site transfers (FXP)

o   Files in vault are protected from server changes

o   When adding same name files to vault it will resume, skip, or prompt to overwrite

·         Cache Purge

o   Cache size (across profiles, vault, logs) is user defined

§  Min is 100mb

§  Max is total disk (iOS), and size of internal SD partition (Android)

§  If cannot allocate the minimum then attempt to purge or fail

o   Profile cache files are auto-purged to make room for more files if more space is needed

§  Last Accessed First Out

§  Logs files are sacred and never auto-purged to make more room

§  Vault files are sacred and thus never auto-purged to make more room

§  All kinds of corner cases handled

o   Manual (user invoked) profile or cache purge also possible

§  Profile cache purge impacts ALL profiles

·         Future version will have profile specific cache purging

§  File transfers in progress are not purged

·         However queued (non-transferring) uploads are purged!

o   Automatically if Security Policy doesn’t allow cache or if Delete Cache on exit is enabled

§  Purge is ongoing for all but last used file

§  Purge occurs when app goes-to-background (iOS only)

§  Purge occurs on exit (Android only)

§  Purge occurs on Startup (both) for anything remaining that was missed

§  Vault and Logs can also be purged on exit via Settings

 


 

Security Policies

·         Security Policies are independent from file permissions

·         Security Policies control MTC functionality

·         Security Policies are PROFILE SPECIFIC!

·         MTC performs a Web services call to EFT to get server policies

o   Uses last known or default (all allow) if can’t obtain

o   If error then signals that this is unsupported EFT

o   Polices only apply to files in the remote (if file already in the vault, it’s too late)

·         Policies are site wide and mandate:

o   Password saving

§  Disallow password saving is also a local control over all profiles

§  Passwords cached in memory for app session duration only

o   Allow long term cache

§  For effects of long vs. short term cache see File Storage above

§  Multi-download disallowed when in this policy is set to not allow

o   Download files to vault

§  Files already there are not subject to this policy!

·         Remember vault is independent of any/all profiles and policies are profile specifc!

o   Allow Share

§  User can’t email file as attachment

§  Doesn’t affect logs

o   Allow Open in

§  User can’t open file in 3rd party app

 Data Security

·         Files encrypted in iOS if device level encryption is on

·         Android requires full device encryption

o   Conceal API in v1.1

·         Files are sandboxed in iOS

·         Files are stored in internal memory in Android

o   Subsection of internal SD card that is limited in space but completely inaccessible to other apps. This will change once Conceal API is supported, as we will then use a combination of these two locations. See administrator guide for more.

 Password Security

·         Passwords stored in keychain

·         Only edit mode allows password reveal

·         Forgot user/pass, initial change, but no pass change at will

·         Prompt for missing/bad, updates profile

·         Option to not store at all (in app)

·         Server side policy to disallow password save

·         Retained in memory for session duration

·         Passwords replaced with * in logs

·         Weak link is MTC link as password is only encoded there

·         If policy is set to not save passwords, then on app exit passwords are removed from memory and from the device key manager

 

File Upload and Download

·         Download

o   Support for single file download

§  Tap on row (downloads AND launches in Preview)

§  Tap on More Actions arrow and select Download

o   Support for multi-download

§  Tap on multi-select button top right then select items

§  Downloads are queued with several parallel transfers

§  User can navigate directory while downloads are occurring

·         But cannot initiate another multi-download

·         But can initiate a single “tap” to download+preview

o   Files downloaded are retained in that profile’s cache long term

§  Unless local or remote policies specifies otherwise

o   Folder (recursive) downloads not allowed

·         Upload

o   Single file uploads from gallery or vault (iOS)

§  Vault becomes like an upload staging area

o   Android file uploads from gallery, vault, or drive

o   To edit remote files and upload see Android Edit section

·         Both

o   Multi-transfers (up or down) support various interactions:

§  Tap to pause or to resume

§  Tap to retry failed transfer

§  Swipe to abort a specific transfer

§  Abort all transfers by tapping cancel

o   CRC used to determine skip, overwrite, resume, re-transfer

o   Abort multi-transfers all or one at a time

§  Removes cached copy if aborted download

§  Attempts to remove partial file on server if aborted upload

o   App exist results in aborted transfers with minimal cleanup

§  Transfers are aborted

§  Partial files may remain on remote site

·         But are not cleaned up on next launch

§  Cached listing and downloaded files are cleaned on next launch

o   Background transfers are supported when App is placed in background

o   Transfers are paused if operating system timeout occurs and task is not yet completed

§  Transfers will auto-resume once app is restored

§  User can tap to resume if auto-resume failed

o   Progress indicator shown for single or multi-transfers

§  Does not include CRC calculation. Can sit at 100% while CRC is going on

o   Switching profiles aborts current transfers (prompt first)

o   Exiting the app aborts all active transfers

§  No clean-up of partial uploads

§  On next app start MTC will clean-up partial downloads

o   Manual (user initiated) abort will result in clean-up of partial uploads

File and Folder Rename, Delete, Create New Folder

·         Delete

o   Subject to server permissions

o   Delete can be recursive (folders)

o   Multi-delete supported

o   Deleting a remote file also removes local cached copy (if exists)

o   Deletes that happen outside of MTC (to current, parent, or grandparent) folder:

§  No immediate impact to MTC

§  On refresh user is alerted that folder no longer exists

§  Alerts continue on Back button until user is back in existing folder

·         Rename

o   Subject to server permissions

o   Renames remote and if successful then local cached file (if present) is instantly renamed

o   Full UTF-8 support

o   Name validation check is <255 chars

o   Failed rename allows retry

·         Create

o   Subject to server permissions

 

Share, Open, Preview Operations

·         Share

o   Share only allowed if Security Policy allows sharing, and

§  if online (or offline and there is a cached copy)

o   Sharing file size limit is 25MB for iOS, 5 MB for Android

o   Share uses built-in email client, not same as Ad Hoc sharing

·         Open In

o   Open in only allowed if Security Policy allows Open In, and

§  if online (or offline and there is a cached copy)

§  There are 3rd party apps registered for that extension

o   On iOS that file is handed off to the 3rd party app and MTC is done

o   On Android after it is handed off we are in Android Edit mode. See next section

·         Preview

o   Opens the file in the internal (in-app) viewer

o   There are two ways to preview:

§  Tap on the middle of a row to download + preview

§  Tap on More Actions arrow and choose preview

o   Preview is not subject to Security Policies

o   Preview works even if offline if the file is cached

o   If online then Preview checks the CRC to make sure the file isn’t stale

§  But aborts CRC if it takes too long

o   Preview supports all file types supported by UIWebView in iOS:

§  As of this version: pdf, jpg, tiff, gif, mp3, aiff, m4a, wav, mov, mp4, m4v, doc, docx, ppt, pptx, xls, xlsx, key, pages, numbers, htm, rtf, ASCII (text files)

o   Preview supports all file types supported by WebView and customer viewer in Android:

§  As of this version: jpg, tiff, gif, png, htm, html, ASCII (text files)

o   If the file extension isn’t recognized MTC will prompt to open in ASCII (text) viewer or use Open In operation (but only if Security Policy allows Open In)

 

Android Edit

·         Only time where client is “master”

·         Open In on Android triggers a file monitor thread

·         If 3rd app makes changes then on return to MTC it will see change and prompt user to upload

·         A copy of the file is moved to the vault (future will use GUID)

·         File is then uploaded to the server and will overwrite original master

·         If original (master) was modified in between download and edit then master is lost

o   Future version to numerate

·         404 response to HEAD is ignored (e.g. if original (master) was deleted we still upload modified version).

 

 Support Tips

·         On iOS install iExplorer on your Windows system and plus your device in.

o   MTC files located under the Apps directory

·         Android. Rooted. Install ESFile Explorer and use Superex grant ESFile Explorer rooting permissions.

o   MTC files will be located at: [device]/data/data/com.globalscape.emc/

·         Enable all logging in MTC

·         Enable https logger in EFT

·         Use wireshark to sniff packets (will require server’s private key to decrypt)

·         Can’t connect? (Error 1200, 22, etc.)

o   Is EFT service and site started?

o   Is MTC trial expired?

o   Is cert expired?

o   Is service listening on correct port (do a netstat - abo -p TCP to verify)

o   Is IP banned?

o   Is user account locked or disabled?

o   Is firewall configured?

o   Is Site started?

o   Is MTC trying to switch to a non-existent path on connect?

o   Is MTC's profile config correct for this server?

o   Is MTC on same or accessible network?

o   Is Wireshark showing any traffic?

o   Is MTC logging turned on in MTC (examine logs)?

o   Is logging.cfg configured to log HTTPS logger (examine eft.log)? 

o   Many of these cases will

Details
Last Modified: 10 Years Ago
Last Modified By: rto
Type: INFO
Rated 2 stars based on 2 votes.
Article has been viewed 2.2K times.
Options
Also In This Category