[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Yudit text-editor
Stanislav Malyshev a.k.a Frodo writes:
> > Note: If you download this file in the following days, please don't
> > use a web browser for this purpose, but another FTP client. The
> > (temporary) strong security policy may refuse to serve FTP requests
> > from web browsers.
>
> Here I always thought that passive mode (which most browsers use) is much
> more security-friendly than active - you haven't to allow connections to
> some strange ports at your site.
On the contrary. Normal FTP ("active") is when the client listens on a
port, and tells the server to connect to it. For this to work the
server should be allowed to go out to any port of a remote machine,
which is OK. Passive FTP is when the _server_ listens on an arbitrary
port and tells the client to connect to it. For this you have to allow
incoming connections to any port on your firewall, which you _do not_
want to (you usually deny everything and open certain ports such as
25, 80, {20,21} and so on).
See also http://www.seifried.org/redhat-security/section02.html .
---
Alex Shnitman ...................... alexsh@linux.org.il
PGP key on Web page .......... http://alexsh.home.ml.org
Make this your home: .............. http://www.linux.org