Date: Tue, 12 Feb 2002 19:23:07 +1100
From: Edwin Groothuis <edwin@mavetju.org>
To: Lord Raiden <raiden23@netzero.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: Securing FTP
Message-ID: <20020212192307.I494@k7.mavetju.org>
In-Reply-To: <4.2.0.58.20020212015724.009d9a40@pop.netzero.net>; from raiden23@netzero.net on Tue, Feb 12, 2002 at 01:59:44AM -0500
References: <4.2.0.58.20020212015724.009d9a40@pop.netzero.net>

On Tue, Feb 12, 2002 at 01:59:44AM -0500, Lord Raiden wrote:
> Ok, one more question then I'll stop bugging you guys again. :) I was
> informed recently by a friend of mine that the FTP server daemon we're
> using on our machines, the FTPD that comes built into FreeBSD is insecure
> and prone to security problems.

Ask him about details :-)

FTP can be considered insecure because it transmits plain-text
passwords during the authentication handshake. Use a different
authentication method for this then, for example sftp/scp whose
authentication handshake is done over an encrypted session.

FTP can be considered insecure because it transmits the data as
plain-text. Same here, use sftp/scp because it transmits its data
over an encrypted session.

But then... what ftp-daemon does he propose for this?

You are talking about members-only ftp. Does it mean that everybody
has access to the machine via a shell? Force them to use scp/sftp
and all the previous objections are gone. But then your members
will complain about the user-friendliness of scp/sftp and they insist
on having the old ftp back...

So.... ask your "friend" what insecurities and security problems
he knows about the FreeBSD ftpd and report them here. Then people
can look at them and either fix or debunk them.

Edwin

-- 
Edwin Groothuis   |   Personal website: http://www.MavEtJu.org
edwin@mavetju.org |   Interested in MUDs? Visit Fatal Dimensions:
------------------+   http://www.FatalDimensions.org/
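
The point above about plain-text passwords in the FTP authentication handshake, as an added example that is not part of the original message: a small audit that reads a server-side control-channel log and reports which logins sent `PASS` without a successful `AUTH TLS` (reply code 234) beforehand. The three-column log format (session id, direction, line) and the sample sessions are constructed for this example.

```python
# Constructed server-side control-channel log (hypothetical format):
#   <session-id> <C|S> <FTP command or reply>
SAMPLE = """\
s1 C USER alice
s1 S 331 Password required for alice.
s1 C PASS hunter2
s1 S 230 User alice logged in.
s2 C AUTH TLS
s2 S 234 AUTH TLS successful
s2 C USER bob
s2 S 331 Password required for bob.
s2 C PASS correct-horse
s2 S 230 User bob logged in.
s3 C AUTH TLS
s3 S 502 Command not implemented.
s3 C USER carol
s3 S 331 Password required for carol.
s3 C PASS tr0ub4dor
s3 S 230 User carol logged in.
"""


def cleartext_logins(log):
    """Return sorted (session, user) pairs whose PASS was sent without TLS."""
    tls_pending = set()  # sessions that asked for AUTH, reply not yet seen
    tls_on = set()       # sessions where the server answered 234
    user = {}            # last USER argument per session
    exposed = set()
    for line in log.splitlines():
        parts = line.split(None, 2)
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        sid, direction, text = parts
        words = text.split(None, 1)
        verb = words[0].upper()
        if direction == "C":
            if verb == "AUTH":
                tls_pending.add(sid)
            elif verb == "USER":
                user[sid] = words[1] if len(words) > 1 else "?"
            elif verb == "PASS" and sid not in tls_on:
                # The password itself is never stored or returned.
                exposed.add((sid, user.get(sid, "?")))
        elif direction == "S" and sid in tls_pending:
            tls_pending.discard(sid)
            if verb == "234":  # server accepted the security mechanism
                tls_on.add(sid)
    return sorted(exposed)


if __name__ == "__main__":
    for sid, name in cleartext_logins(SAMPLE):
        print(f"{sid}: password for {name} sent in cleartext")
```

Session s3 is the case worth noticing: the client asked for TLS, the server refused, and the login went ahead in cleartext anyway.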