Re: how to control sftp's user file folder




On Tue, Mar 1, 2011 at 10:16 PM, Barry Brimer <lists@xxxxxxxxxx> wrote:
>> On 03/01/11 6:38 PM, Barry Brimer wrote:
>>> It is possible to instruct the FTPS client to keep the control channel in the
>>> clear so that firewalls that need to adjust to the ports being used can listen
>>> in on the conversation.  The FTPS server has to agree to allow this to happen.
>>
>> Aren't username/passwords sent in the clear then too?  If so, what's the
>> point of using FTPS?
>
> No, they are not.  On the FTPS server you can require TLS encryption of
> everything, auth, data, control channel, nothing, or combinations of them.
> In this case you would require auth+data which would mean that your
> control channel is in the clear, but the username/password exchange and
> the data would be protected.  You could also use an SSL client certificate
> as authentication and negate the need for the password to be sent
> altogether.

*ouch*. Sounds like a lot of painful work and firewall negotiations to
get right (which I've run into a few times lately with NATs and
slightly inconsistent NAT/firewall combinations this last year, though
that was for FTP).

Those sorts of issues are why I've gotten fond of WebDAV over HTTPS.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
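
The ordering described in the quoted reply (login under TLS, control channel back in the clear so firewalls can read the port negotiation), as an added example that is not part of the original thread. It assumes the RFC 4217 command names AUTH TLS, PROT P and CCC, which the thread does not spell out, assumes every command succeeds, and uses constructed session transcripts.

```python
# Added example: model which FTPS control-channel commands cross the wire in
# cleartext. Simplification: every command is assumed to be accepted.

SECRET = {"USER", "PASS", "ACCT"}                  # credential-bearing verbs
TRANSFER = {"RETR", "STOR", "APPE", "LIST", "NLST"}
PORT_NEGOTIATION = {"PASV", "PORT", "EPSV", "EPRT"}

def audit_session(commands):
    """Return (wire_view, findings) for a client command sequence."""
    ctrl_tls = False       # is the control channel wrapped in TLS right now?
    data_private = False   # is PROT P in effect for data connections?
    wire_view, findings = [], []
    for line in commands:
        parts = line.split()
        if not parts:
            continue
        verb = parts[0].upper()
        wire_view.append((verb, "tls" if ctrl_tls else "clear"))
        if verb in SECRET and not ctrl_tls:
            findings.append(f"{verb} sent in cleartext")
        if verb in TRANSFER and not data_private:
            findings.append(f"{verb} data connection unprotected")
        # State changes apply only after the command itself has been sent.
        if verb == "AUTH":
            ctrl_tls = True
        elif verb == "CCC":
            ctrl_tls = False
        elif verb == "PROT":
            data_private = len(parts) > 1 and parts[1].upper() == "P"
    return wire_view, findings

def firewall_visible(wire_view):
    """Port-negotiation verbs a NAT/firewall helper can actually read."""
    return [v for v, mode in wire_view if mode == "clear" and v in PORT_NEGOTIATION]

# Constructed transcript: login and PROT P first, then CCC (the "auth+data" case).
GOOD = ["AUTH TLS", "USER alice", "PASS example-password", "PBSZ 0",
        "PROT P", "CCC", "PASV", "RETR report.txt"]
# Constructed transcript: control channel cleared before login, no PROT P.
BAD = ["AUTH TLS", "CCC", "USER alice", "PASS example-password",
       "PASV", "RETR report.txt"]

if __name__ == "__main__":
    for name, session in (("GOOD", GOOD), ("BAD", BAD)):
        wire, findings = audit_session(session)
        print(name, "firewall sees:", firewall_visible(wire), "findings:", findings)
```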


