[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] maybe off topic, ports ftp



On Jan 19, piet <prooroa@xxxxxxxxxx> wrote:

> as for the apache server one can use port 8080 instead of 80.
> Is something likewise possible for ftp (pureftp in my case) to use
> something else as 20&21 say 8020&8021 or so.
>
> I would like to ftp to my server but it shouldn't be to obvious.
>
> Another question I struggle with how to configure ftp & apache in such a
> way that I can drag and drop files by means a browser on a remote box to
> upload files to the server after a login.
Since you asked on a security list, you'll get a "security" answer:
DON'T USE FTP. DON'T USE FTP. DON'T USE FTP.

Apart from being a catastrophic protocol (hard to firewall correctly), it
is not encrypted and passwords are transferred in clear text. If you want
to offer files for download, use your apache server. If you want to upload
files, use ssh/scp/sftp. There are nice drag&drop clients for sftp
available for windows (filezilla, winscp).

Markus
-- 
__________________    /"\
Markus Gaugusch       \ /    ASCII Ribbon Campaign
markus(at)gaugusch.at  X     Against HTML Mail
                      / \

-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here