Date: Tue, 12 Jun 2001 16:56:37 -0700 (PDT)
From: Matt Dillon
Message-Id: <200106122356.f5CNubp50204@earth.backplane.com>
To: Nate Williams
Cc: Garrett Wollman, Jamie Norwood, freebsd-security@FreeBSD.ORG
Subject: Re: IPFW almost works now.

:> Balderdash!  HTTP and TCP both send files over identical TCP
:> connections, which makes them equally efficient.
:
:From a raw protocol stack, yes.  However, most FTP servers are optimized
:for streaming out large bits of static data, while HTTP servers are less
:optimized for this.
:
:FTP servers can be more easily optimized (KISS et al), and hence FTP is
:a better protocol for simple file transfers.
:
:Nate

If you have to have a web server, and would only also have an ftp server
to 'optimize' transfers, I would submit that whatever performance one
perceives as having gained from running the ftp server (which I think is
Balderdash as well) is offset by the fact that you are now running two
pieces of server software that might potentially create a security
hazard rather than one.
Since I can't do without my web server, ftpd is the one I turn off.
Historically, a plain old Apache with no fancy modules turned on is just
as secure... in fact, even more secure... than ftpd.  Maybe because web
servers focus on read-only stuff whereas ftpd tries to be general purpose
read/write/exec/chmod/only-god-knows-what-else.

-Matt