Bugtraq mailing list archives
Re: your mail
From: sblair () upurbmw us dell com (Steven C. Blair)
Date: Mon, 16 May 1994 11:39:25 -0500
John MacDonald says: There is one advantage in doing this sort of thing. There is a powerful security advantage in having many off-site copies of the ls-lR+hash file. It is *really* hard for to cracker to spoof a change to an existing file If folks would quit using writable directories in their hierarchies then the problem goes away. There are few to NO compelling reasons with my years of experience that justify writable directories in anonymous FTP. You're just asking for trouble, with a big "T". If you must justify having a writable directory that is FTp reachable from an external network, either use a seperate login with a one-time passwd that is changed mutually by both parties on your sites' end, or learn the intricacies(sp?) of WU-FTPD which can prevent a lot of problems. scb -- Steven C. Blair dell computer corp [ ] Unless this box is signed with an X I don't speak for my keepers....
Current thread:
- Re: trojans on ftp sites der Mouse (May 14)
- Re: trojans on ftp sites Peter Deutsch (May 14)
- <Possible follow-ups>
- Re: trojans on ftp sites Paul Robinson (May 14)
- Re: your mail Christopher Klaus (May 14)
- Re: trojans on ftp sites smb () research att com (May 14)
- Re: your mail John Macdonald (May 16)
- Re: your mail Steven C. Blair (May 16)
- Re: your mail John Macdonald (May 16)
- Re: your mail Christopher Klaus (May 16)
- Re: your mail Adam Shostack (May 16)
- Re: your mail John Macdonald (May 16)
- Checksums in FTP servers. Scott Northrop (May 16)