On Tue, Feb 24, 2004 at 08:12:02AM -0600, Mike Vanecek wrote: > It is a shame, because it forces one to use ftp which is quite insecure. In many cases, ftp is *more* secure that sftp. With most ftp servers, you have an excellent ability to limit what the user can and can not do, such as restricting which directories that they can upload to and which they can download from. Many people think that just because your credentials are encrypted, you're safe. Well, give me access to a non-root account on a server with sftp access and I'll DOS you by filling /tmp or /var/tmp. Perhaps I'll steal world-readable code that you have a contractual obligation with a vendor to protect. Without a strong chroot environment, sftp is dangerous and gives people a false sense of security. All that said, I would really, really like a fully-encrypted file transfer protocol with the functionality and flexibility of wu-ftpd. And, of course, it has to work through firewalls which ftp/tls doesn't do well. -- Ed Wilts, Mounds View, MN, USA mailto:ewilts@xxxxxxxxxx Member #1, Red Hat Community Ambassador Program -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
