[WBEL-users] vsFTPd
Ed
ekg@tricity.wsu.edu
Tue, 18 May 2004 15:31:15 -0700
> ftp is a Bad Idea if used over an insecure network, since passwords can
> be trivially sniffed. (Trivial = less than 30 seconds). I have to use
> it on our internal network since the PC people haven't tumbled to SSH,
> but I use www.cygwin.com's Cygnus Tools for Windows for personal
> connections to the WhiteBox server which provides a UN*X shell under XP
> (including KDE 3.1.4, which works although a bit slowly - installation
> was a bear, apparently due to problems with connections to Sourceforge,
> I finally did the install by manually downloading everything to a local
> directory and then installing from that directory).
>
> The other solution on an internal network is to run samba, which is my
> preferred solution since this lets PC people use PC tools. Since samba
> allows for encrypted passwords I doubt that this is less secure than
> ftp.
Nothing is less secure than FTP. :-) But if you're really concerned
about security, I wouldn't use windows file sharing since it's passwords
can be cracked pretty easily. I think in general if a malicious someone
has r00t on your local network it's hard to keep your stuff secure
unless you run ipsec.
Ed
>
> Another solution is to set up an http server, and then control access
> through .htaccess files.
>
> Mike Squires