WebApp Sec mailing list archives
Re: Secure FTP
From: "DaemonLabs.com Support (MLM)" <Lists () DaemonLabs com>
Date: Tue, 13 Jan 2004 16:19:24 +0100
You might want to have a look at the following URL: http://www.dart.com/dotnet/secureftp.asp PS: I'm not related to or biased by their products, just know they build these tools. There are ways to incorporate certs into your app - see below. Overview Using PowerTCP Secure FTP for .NET, easily transfer files using wildcards or streams, or exercise greater control by directly accessing the data connection. Secure the data using SSL encryption with certificate authentication. Full support for most major servers in both secure and un-secure modes, including Globalscape, WS_FTP, and Serv_U. a.. Written in C#. b.. Over 2 dozen tutorials and a comprehensive reference guide with full support for dynamic help are included with the integrated Help 2.0 documentation. c.. Can be used in traditional client applications and services as well as scalable ASP.NET applications. d.. Copy files between client and any FTP server - a single method call will do. Simple properties provide fine-grain control, and file data will spool to/from memory. Listings are captured as objects, so parsing is eliminated - a superior performer for your most demanding applications. e.. For efficiency and ease-of-use, file transfer options are set using simple properties and are automatically used as needed. f.. Automatically authenticates and encrypts/decrypts data sent and received with FTP using SSL2, SSL3, PCT or TLS g.. All major proxies are supported and SOCKS4/5 also supported in secure mode. h.. Contains support for all major SSL over FTP standards and configurable to other non-standard implementations! i.. Supports client-side AND server-side authentication j.. CertificateStore class provides extensive certificate management support. k.. Certificate class enables certificate verification and query. l.. Properties and events for certificate authentication give complete control over what is accepted or rejected. m.. Delete() method can recursively remove directory trees, and remove files using wild-cards. Careful with this one! n.. Upload/download multiple files using wild-cards , even directory trees, with only a single line of code. o.. Comprehensive Stream-based design provides awesome flexibility - overloaded methods provide direct stream access to the data connection, so you can process file transfers in memory (without ANY local disk access) p.. Can be used in BOTH event driven (asynchronous) and scripted (synchronous) application designs q.. Includes a royalty-free license. r.. 3-Level Customer Support s.. Debugging has been extended beyond run-time testing to a design-time Editor in every component to allow connectivity to be tested without compiling. Properties set in the Editor are recorded directly in the code, and a real-time feedback window gives detailed information about results. Kind regards, Marnix DaemonLabs.com - NL ----- Original Message ----- From: "Fletcher, Stephen J" <stephen.fletcher () eds com> To: "Scott, Richard" <Richard.Scott () BestBuy com>; <webappsec () securityfocus com> Sent: Tuesday, January 13, 2004 01:22 Subject: RE: Secure FTP
FTP through ssh is only able to secure the control channel and does not protect the data channel. Better methods of file transfer over ssh are sftp, scp or rsync. If you
want
to use the FTP protocol and need it secure look at TLS FTP -----Original Message----- From: Scott, Richard [mailto:Richard.Scott () BestBuy com] Sent: Tuesday, 13 January 2004 9:11 AM To: webappsec () securityfocus com Subject: Secure FTP Forum, Does anyone have any experience with any frameworks for Java and .Net for implementing secure FTP. I would like to review some products that have good interoperability with licensed versions of SSH. The scenario that I am envisioning is such: Application A uses a framework to built a secure FTP to a licensed secure FTP server. Application A uses a framework to built a secure FTP to a licensed secure SSH Server. I've seen some messy implementations of code calling SSH clients through shells, and I want to avoid that. Ideally the framework supports X509. I want a clean method of using secure FTP programmatically such that I can cleanly cpature exceptions etc. Any recommendations? Richard Scott Global Information Protection BestBuy Corporate Campus 7601 Penn Ave, South. Richfield, 55423. USA. The views expressed in this email do not represent Best Buy or any of its subsidiaries
--- Outgoing DaemonLabs.com E-Mail is AVG 2004 Certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.560 / Virus Database: 352 - Release Date: 08-Jan-04
Current thread:
- Secure FTP Scott, Richard (Jan 12)
- <Possible follow-ups>
- RE: Secure FTP Fletcher, Stephen J (Jan 12)
- Re: Secure FTP DaemonLabs.com Support (MLM) (Jan 13)
- RE: Secure FTP Scott, Richard (Jan 14)
- java auditing tool urgoez (Jan 14)