From owner-freebsd-security  Tue Jun 12 22:26:46 2001
Delivered-To: freebsd-security@freebsd.org
Received: from nsmail.corp.globalstar.com (gibraltar.globalstar.com [207.88.248.142])
	by hub.freebsd.org (Postfix) with ESMTP id 3894337B405
	for <freebsd-security@FreeBSD.ORG>; Tue, 12 Jun 2001 22:26:23 -0700 (PDT)
	(envelope-from crist.clark@globalstar.com)
Received: from globalstar.com ([207.88.154.2]) by
          nsmail.corp.globalstar.com (Netscape Messaging Server 4.15) with
          ESMTP id GEUSF800.EV6; Tue, 12 Jun 2001 22:25:56 -0700 
Message-ID: <3B26F975.84A0AD02@globalstar.com>
Date: Tue, 12 Jun 2001 22:26:13 -0700
From: "Crist Clark" <crist.clark@globalstar.com>
Organization: Globalstar LP
X-Mailer: Mozilla 4.72 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: Jamie Norwood <mistwolf@mushhaven.net>
Cc: Matt Dillon <dillon@earth.backplane.com>,
	Nate Williams <nate@yogotech.com>,
	Garrett Wollman <wollman@khavrinen.lcs.mit.edu>,
	freebsd-security@FreeBSD.ORG
Subject: Re: IPFW almost works now.
References: <657B20E93E93D4118F9700D0B73CE3EA0166D97D@goofy.epylon.lan> <20010612152856.A72299@mushhaven.net> <3B267827.5090002@lmc.ericsson.se> <20010612162749.A73655@mushhaven.net> <200106122044.QAA93356@khavrinen.lcs.mit.edu> <15142.42704.228823.693752@nomad.yogotech.com> <200106122356.f5CNubp50204@earth.backplane.com> <20010613000346.A398@mushhaven.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Jamie Norwood wrote:
> 
> On Tue, Jun 12, 2001 at 04:56:37PM -0700, Matt Dillon wrote:
> >
> >     If you have to have a web server, and would only also have a ftp
> >     server to 'optimize' transfers, I would submit that whatever
> >     performance one perceives as having gained from running the ftp
> >     server (which I think is Balderdash as well) is offset by the fact
> >     that you are now running two pieces of server software that might
> >     potentially create a security hazzard rather then one.
> >
> >     Since I can't do without my web server, ftpd is the one I turn off.
> >
> >     Historically, a plain old Apache with no fancy modules turned on
> >     is just as secure... in fact, even more secure... then ftpd.  Maybe
> >     because web servers focus on read-only stuff whereas ftpd tries to
> >     be general purpose read/write/exec/chmod/only-god-knows-what-else.
> 
> So how, then, do you propose people upload files, a common use of ftp?

HTTP has POST and PUT. See RFC2616 for all of HTTP 1.1's capabilities.
Compare to RFC0959 for FTP (see section 4.1).
-- 
Crist J. Clark                                Network Security Engineer
crist.clark@globalstar.com                    Globalstar, L.P.
(408) 933-4387                                FAX: (408) 933-4926

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message