[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: FTP access for users ?
Adam Morrison writes:
> > > PS. I hope you're aware that enabling non-anonymous ftp access not inside a
> > > firewalled network is basically equivalent to putting all your users'
> > > passwords in the plain text format and sending it to a ... er ... mailing
> > > list :)
> >
> > Do you mind elaborating on this issue?
>
> Unless the users are chrooted, they can grab your password file. And
On most sane sites, shadow passwords are used anyway, so the password
file doesn't contain much interesting info.
> regardless, eavesdroppers can sniff their passwords when they ftp in.
This is a real problem. Is anyone aware of any ssh-like FTP
replacement, besides scp? scp doesn't let me traverse directories, and
for all I know doesn't allow scp-only accounts (like FTP-only
accounts).
--
Alex Shnitman | http://www.debian.org
alexsh@hectic.net, alexsh@linux.org.il +-----------------------
http://alexsh.hectic.net UIN 188956 PGP key on web page
E1 F2 7B 6C A0 31 80 28 63 B8 02 BA 65 C7 8B BA
These download files are in Microsoft Word 6.0 format. After
unzipping, these files can be viewed in any text editor, including
all versions of Microsoft Word, WordPad, and Microsoft Word Viewer
-- From Micro$oft