[ale] Still using plain FTP? Why?
JD
jdp at algoloma.com
Mon Jan 19 11:35:13 EST 2015
On 01/19/2015 10:00 AM, Jim Lynch wrote:
>>
> Can you believe that there are still web hosting companies that only support ftp
> access?
Really? Time to fire them until they move into 1996.
Not going to disagree with telnet as a debugging tool.
Anonymous access it the only reasonable reason, IMHO. Basically, anything you've
put on those machines (not just in the FTP area) is available, based on
multiple, prior, security issues with the 3 most popular FTP servers - i.e. back
doors.
Security? So, can I please have your password? Using FTP with a login is like
giving it to anyone who happens to be able to intercept the traffic. If that
password isn't just for FTP (perhaps the same for ssh or cpanel?), then that
system is compromised.
On 01/19/2015 10:24 AM, Brian Schenken wrote:
> I use FTP where the server requires it or where security isn't a concern.
> Some folks / scripts might still use FTP to transfer text files and convert
> line breaks in one go via ASCII mode.
sftp is designed as a 100% compatible replacement. Just create an alias from
"ftp" to "sftp".
It is possible to change the sftp encryption to something trivial, which uses
less CPU. I'd never do that over the WAN, just the LAN. OTOH, we use CIFS and
NFS on the LAN which have just a tiny bit more security than FTP.
More information about the Ale
mailing list