Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 13 Jun 2001 00:03:46 -0400
From:      Jamie Norwood <mistwolf@mushhaven.net>
To:        Matt Dillon <dillon@earth.backplane.com>
Cc:        Nate Williams <nate@yogotech.com>, Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, freebsd-security@FreeBSD.ORG
Subject:   Re: IPFW almost works now.
Message-ID:  <20010613000346.A398@mushhaven.net>
In-Reply-To: <200106122356.f5CNubp50204@earth.backplane.com>; from dillon@earth.backplane.com on Tue, Jun 12, 2001 at 04:56:37PM -0700
References:  <657B20E93E93D4118F9700D0B73CE3EA0166D97D@goofy.epylon.lan> <20010612152856.A72299@mushhaven.net> <3B267827.5090002@lmc.ericsson.se> <20010612162749.A73655@mushhaven.net> <200106122044.QAA93356@khavrinen.lcs.mit.edu> <15142.42704.228823.693752@nomad.yogotech.com> <200106122356.f5CNubp50204@earth.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, Jun 12, 2001 at 04:56:37PM -0700, Matt Dillon wrote:
> 
>     If you have to have a web server, and would only also have a ftp 
>     server to 'optimize' transfers, I would submit that whatever
>     performance one perceives as having gained from running the ftp
>     server (which I think is Balderdash as well) is offset by the fact
>     that you are now running two pieces of server software that might
>     potentially create a security hazzard rather then one.
> 
>     Since I can't do without my web server, ftpd is the one I turn off.
> 
>     Historically, a plain old Apache with no fancy modules turned on
>     is just as secure... in fact, even more secure... then ftpd.  Maybe
>     because web servers focus on read-only stuff whereas ftpd tries to
>     be general purpose read/write/exec/chmod/only-god-knows-what-else.

So how, then, do you propose people upload files, a common use of ftp? 
Since your alternative is 'bare-bones' Apache, you have just cut out a
function many of us rely on. Security through lack of usefulness is not
an option, IMHO.

Jamie

> 						-Matt
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010613000346.A398>