Ed Wilts wrote:
Is there a better FTP SW(more secure) than ProFTPD for server usage?
Given sftp access to the server, your customers could easily turn your system into an instant pirate site by using /tmp as a transfer location. They could retrieve all of your pam configuration files to see if you disable accounts after a predetermined number of failed logins. They could then retrieve /etc/passwd and issue a complete denial of server on your system by disabling all of your accounts. Its limitations like this that actually make ftp *more* secure than sftp in many environments even with the unencrypted traffic.
Ed, doesn't placing FTP users in a chroot jail make this impossible as well as allowing no FTP access by priviledged users? Or is that not possible with sftp as it's basically ssh?
-- Eucke
-- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
