Date: Fri, 26 Oct 2001 08:45:20 -0400 From: Louis LeBlanc <leblanc+freebsd@keyslapper.org> To: questions@FreeBSD.org, freebsd-questions@FreeBSD.org Subject: Re: ipfw rules for FTP - passive vs. active Message-ID: <20011026084520.B82301@keyslapper.org> In-Reply-To: <NDBBIMKICMDGDMNOOCAIIEEGDMAA.patrick@mip.co.za> References: <15320.17295.222857.730255@guru.mired.org> <NDBBIMKICMDGDMNOOCAIIEEGDMAA.patrick@mip.co.za>
next in thread | previous in thread | raw e-mail | index | archive | help
On 10/26/01 09:45 AM, Patrick O'Reilly sat at the `puter and typed: > > . . . > > I have been using option (1) till now, but the pressure to back down is > mounting. I'll look into (2). My FTP is not for general anonymous access. > It is for exchange of data between trading partners, so I need to cater for > "secure" connections with login and password controlling access to the > server (don't laugh too loud please - I know FTPs "security" is, well, weak, > but the users feel better knowing that they have given a password!). Will > HTTP cater for file up-and-down loads with user authentication? Oh, yes. It will do so very well and more to the taste of your typical PHB or everyday suit. You'll have to know perl fairly well, or at least Apache (or IIS, if the local PHB didn't wake up with CodeRed and Nimda) authentication configuration. Http can be used to change configurations, modify databases, transfer files (both ways) and a plethora of other things you may not even have thought of as applicable to whatever problem you're trying to solve. > I've tried pushing people to use scp (Putty's sister called pscp does a > great job on Windoze platforms). However, the resistance to change is > mind-boggling! :( And that resistance comes from the very same people who > insist on having "secure" FTP logins and passwords. Go figure! Exactly. But putting ftp on an SSL connection is less than trivial. Search the OpenSSL users mailing list archives to find out. However, putting HTTP on an SSL connection *is* fairly trivial. And the interface is completely configurable. And it will be much easier to sell to your typical suit - expecially when you tell them that it can be much more secure, with client and server authentication, as well as a password. /rant Now I need to get off this horse :) HTH Lou -- Louis LeBlanc leblanc@keyslapper.org Fully Funded Hobbyist, KeySlapper Extrordinaire :) http://www.keyslapper.org ԿԬ job interview, n.: The excruciating process during which personnel officers separate the wheat from the chaff -- then hire the chaff. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011026084520.B82301>