Robert Connolly cendres at videotron.ca
Sat Mar 6 10:43:33 PST 2004

On March 6, 2004 01:40 pm, Anderson Lizardo wrote:
> On Sex, 05 Mar 2004 15:32:31 -0500, Archaic wrote:
> > On Fri, Mar 05, 2004 at 07:02:03PM +0000, Matthew Burgess wrote:
> > > Surely if it's a *hardened* box you wouldn't be installing plain ftpd
> > > on it and would opt for sftp?
> >
> > That's not necessarily true. If it were, then there would be no secure
> > http servers, either. Just https. Sftp is when the *delivery* needs to
> > be encrypted.
> I just read in a book that the password is also sent plaintext over the
> network on the FTP protocol.

Some ftpd's can disconnect a login if a real username is used, to prevent it
from being sent in the clear. Ftpd's are okay if they're only used for
anonymous users, and drop privileges. Vsftpd does this. Http is preferred
because it uses a better protocol.

