
Re: Yudit text-editor



Stanislav Malyshev a.k.a Frodo writes:

 > > Note: If you download this file in the following days, please don't
 > > use a web browser for this purpose, but another FTP client. The
 > > (temporary) strong security policy may refuse to serve FTP requests
 > > from web browsers.
 > 
 > Here I always thought that passive mode (which most browsers use) is much
 > more security-friendly than active - you don't have to allow connections to
 > some strange ports at your site.

On the contrary. Normal FTP ("active") is when the client listens on a 
port, and tells the server to connect to it. For this to work the
server should be allowed to go out to any port of a remote machine,
which is OK. Passive FTP is when the _server_ listens on an arbitrary
port and tells the client to connect to it. For this you have to allow 
incoming connections to any port on your firewall, which you _do not_
want to (you usually deny everything and open certain ports such as
25, 80, {20,21} and so on).

See also http://www.seifried.org/redhat-security/section02.html .


---
  Alex Shnitman ...................... alexsh@linux.org.il
  PGP key on Web page .......... http://alexsh.home.ml.org
  Make this your home: .............. http://www.linux.org
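
An added example, not part of the original message: the active/passive distinction discussed above, read off the FTP control channel. It parses the `h1,h2,h3,h4,p1,p2` field of a `PORT` command or a `227` reply (RFC 959) and reports which side listens and what the server site's firewall must permit; the session lines, addresses and function names are constructed for illustration.

```python
import re

# h1,h2,h3,h4,p1,p2 as defined by RFC 959: four address bytes, two port bytes.
HOSTPORT = re.compile(r"(?<!\d)" + r",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_hostport(text):
    """Return (ip, port) from a PORT argument or a 227 reply."""
    m = HOSTPORT.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % text)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("byte out of range in %r" % text)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def data_connection(control_line):
    """Classify one control-channel line; None if it sets up no data port."""
    line = control_line.strip()
    if line.upper().startswith("PORT "):
        # Active: the client announces the port it is listening on.
        host, port = parse_hostport(line[5:])
        return {"mode": "active", "listener": "client", "host": host, "port": port}
    if line.startswith("227"):
        # Passive: the server announces the port it is listening on.
        host, port = parse_hostport(line[3:])
        return {"mode": "passive", "listener": "server", "host": host, "port": port}
    return None

def server_site_rule(conn):
    """What the firewall in front of the FTP server has to let through."""
    direction = "outbound" if conn["mode"] == "active" else "inbound"
    return "server site: allow %s to %s:%d (%s listens)" % (
        direction, conn["host"], conn["port"], conn["listener"])

def firewall_view(lines):
    return [server_site_rule(c) for c in map(data_connection, lines) if c]

# Constructed control-channel excerpt (documentation address ranges).
SAMPLE_SESSION = [
    "220 ftp.example.org ready",
    "PORT 192,0,2,10,195,80",
    "200 PORT command successful",
    "PASV",
    "227 Entering Passive Mode (198,51,100,5,156,64)",
]

if __name__ == "__main__":
    for rule in firewall_view(SAMPLE_SESSION):
        print(rule)
```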