[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] maybe off topic, ports ftp



> DON'T USE FTP. DON'T USE FTP. DON'T USE FTP.
>
> Apart from being a catastrophic protocol (hard to firewall correctly), it
> is not encrypted and passwords are transferred in clear text. If you want
> to offer files for download, use your apache server. If you want to upload
> files, use ssh/scp/sftp. There are nice drag&drop clients for sftp
> available for windows (filezilla, winscp).

There are some ftp-daemons that use encrypted passwd as well.
If you use pasv mode only ports 20:21 are used.
If you use vsftpd you will be able to controll high ports used by the daemon
and so on and so on.

So why not use ftp (only with limited user rights).

Philippe

P.S.: Yes I know what you can do nice things with ftp :-)


-- 
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here