FTP(was Re: SCN: Homestead - no more free websites)
Don Logsdon
donlogs at cablespeed.com
Sat Nov 3 10:39:31 PST 2001
You wrote (in part)
........
ftp'ing the content of one's web site is pretty normal. It's how I put up
the
content for the Crisis Resource Directory. As far as I know, SCN isn't
opening
any ugly security holes by letting me do that. 'Put' access should be
available
only to people with write access to the relevant directory, right? Given
that,
I'm not sure in what sense you are saying ftp is insecure.
..........
a reply:
-----
For the benefit of the non techical amoungst us ...
FTP is file transfer protocol. It is two way - upload and dowload -
HTTP (the web browsing protocol) only shares files as download,
although the file requests are uploaded.
A server is a program that is running on a computer --
an FTP server is a program that listens for requests to connect for
transfering. To connect you must have the correct username
and password.
-------
The usual way to handle FTP access is by limiting the user to the
home direcory, and to any subdirectories below it. Not just for put,
but all access. This then allows any one with the correct username
and password to make modifications to the files as they please..
It gives them absolute control over their files, but no access at all
(including read only) to anyone elses files.
Certain users may log on to the root dirctory which gives them
access to the entire file tree, but as you pointed out above
they are still restricted by the file permmissions, which governs what
actions are permitted.
FTP is one of the oldest protocols on the internet. It predates the Web,
and is used in countless business every day. The only way I can see that
an FTP server could be classed as insecure would be to have one that
allows users to have "roaming" privlidges.
If SCN is running a *non secure* FTP server they should get a secure
server. I would imagine that there are any number free, or open source,
programs available that will run on a UNIX based operating system.
Don
* * * * * * * * * * * * * * From the Listowner * * * * * * * * * * * *
. To unsubscribe from this list, send a message to:
majordomo at scn.org In the body of the message, type:
unsubscribe scn
==== Messages posted on this list are also available on the web at: ====
* * * * * * * http://www.scn.org/volunteers/scn-l/ * * * * * * *
More information about the scn
mailing list