Secure Coding mailing list archives

RE: virtual server - security


From: "Alun Jones" <alun () texis com>
Date: Thu, 01 Apr 2004 17:01:24 +0100

[EMAIL PROTECTED] <> wrote on Wednesday, March 31, 2004 11:35 AM:
Sniffing on the LAN isn't my main concern, it's the concentration points
in between A and B.  Good idea on the SSL wrapper on Telnet, although the
original poster said they don't want to offer shell access.  I'm not quite
sure the security community's consensus would agree that FTP is better than
SCP/SFTP.  I certainly don't, but I've already made that point.  So that
leaves us with flaws in implementation *and* plaintext usernames/passwords.
That doesn't give me warm fuzzies.

Could I interrupt this rather unenlightening exchange for just a moment to
point out that you can have your cake _and_ secure it?

There's a good couple of dozen implementations of the draft standard for FTP
over SSL / TLS listed at
http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html, not to mention any
of a number of other FTP schemes that avoid passing usernames and passwords
around in plaintext (S/Key, SASL, etc).  You can have the comfort of FTP,
the protocol you've come to love, at the same time as using a secure
communications protocol that has become trusted by millions (although, with
the number of "didn't read the instructions" mistakes made by some of the
implementations, goodness only knows why).

Okay, if I go on with this much longer, it'll turn into an advert, so I'll
leave it at that.

Alun.
~~~~
-- 
Texas Imperial Software   | Find us at http://www.wftpd.com or email
1602 Harvest Moon Place   | [EMAIL PROTECTED]
Cedar Park TX 78613-1419  | WFTPD, WFTPD Pro are Windows FTP servers.
Fax/Voice +1(512)258-9858 | Try our NEW client software, WFTPD Explorer.





