Date: Fri, 26 Oct 2001 08:45:20 -0400
From: Louis LeBlanc
To: questions@FreeBSD.org, freebsd-questions@FreeBSD.org
Subject: Re: ipfw rules for FTP - passive vs. active
Message-ID: <20011026084520.B82301@keyslapper.org>
References: <15320.17295.222857.730255@guru.mired.org>

On 10/26/01 09:45 AM, Patrick O'Reilly sat at the `puter and typed:
>
> . . .
>
> I have been using option (1) till now, but the pressure to back down is
> mounting. I'll look into (2). My FTP is not for general anonymous access.
> It is for exchange of data between trading partners, so I need to cater for
> "secure" connections with login and password controlling access to the
> server (don't laugh too loud please - I know FTP's "security" is, well, weak,
> but the users feel better knowing that they have given a password!). Will
> HTTP cater for file up-and-down loads with user authentication?

Oh, yes.
It will do so very well and more to the taste of your typical PHB or
everyday suit. You'll have to know perl fairly well, or at least Apache
(or IIS, if the local PHB didn't wake up with CodeRed and Nimda)
authentication configuration. HTTP can be used to change configurations,
modify databases, transfer files (both ways) and a plethora of other
things you may not even have thought of as applicable to whatever
problem you're trying to solve.

> I've tried pushing people to use scp (Putty's sister called pscp does a
> great job on Windoze platforms). However, the resistance to change is
> mind-boggling! :( And that resistance comes from the very same people who
> insist on having "secure" FTP logins and passwords. Go figure!

Exactly. But putting ftp on an SSL connection is less than trivial.
Search the OpenSSL users mailing list archives to find out. However,
putting HTTP on an SSL connection *is* fairly trivial. And the interface
is completely configurable. And it will be much easier to sell to your
typical suit - especially when you tell them that it can be much more
secure, with client and server authentication, as well as a password.

/rant

Now I need to get off this horse :)

HTH
Lou
--
Louis LeBlanc leblanc@keyslapper.org
Fully Funded Hobbyist, KeySlapper Extraordinaire :)
http://www.keyslapper.org

job interview, n.:
The excruciating process during which personnel officers
separate the wheat from the chaff -- then hire the chaff.