On Sun, 12 Sep 2004 11:11:00 -0700 (PDT), James Harrison <jamesaharrisonuk@xxxxxxxxxxx> wrote:
> Has anyone looked at proftpd an alternative to vsftpd
> (http://proftpd.linux.co.uk) ?
>
> It appears that it has a provision for ssl.
>
> No more need for clear text passwords......

So does vsftpd via openssl (though there are of course licensing issues associated with openssl which make adding support for gnutls attractive). I won't bother giving you the faq url or the quote from the vsftpd manpage outlining that. I'll leave that as an exercise for the reader.

But that's not the point... the point is a sane default that provides reasonable commonly expected functionality when the service is enabled in a reasonably safe fashion. Tradeoffs must be made between security and functionality and usability. Reasonable defaults find the balance. Reasonable.... that's a word that can't be stressed enough.

Let's talk about reasonable for a minute.... I don't see anyone using the same arguments to say that httpd should come configured by default to ONLY do encrypted authenticated based access. I wonder why that is? There is an expectation that httpd should come enabled by default to allow unencrypted public access when it's enabled. That's a reasonable expectation, considering http's widespread use as a public anonymous way to retrieve information. And I think the same expectation can be reasonably applied for default ftp server behavior, to enable anonymous public access to data.

Both http and ftp can be configured for different purposes...but we are talking about reasonable defaults that strike the balance. And I for one find it...unreasonable...to talk about ftp's anonymous default access like it's a special case situation, when no one is making the same arguments to lock down httpd's default configuration.

-jef"The reasonable man adapts himself to the world; the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. --George Bernard Shaw"spaleta