From owner-freebsd-security Wed Jun 13 8:24:29 2001 Delivered-To: freebsd-security@freebsd.org Received: from diarmadhi.mushhaven.net (diarmadhi.mushhaven.net [209.16.107.11]) by hub.freebsd.org (Postfix) with ESMTP id 989BC37B403 for ; Wed, 13 Jun 2001 08:24:24 -0700 (PDT) (envelope-from mistwolf@diarmadhi.mushhaven.net) Received: (from mistwolf@localhost) by diarmadhi.mushhaven.net (8.11.4/8.11.4) id f5DFOlg01098 for freebsd-security@freebsd.org; Wed, 13 Jun 2001 11:24:47 -0400 (EDT) (envelope-from mistwolf) Date: Wed, 13 Jun 2001 11:24:47 -0400 From: Jamie Norwood To: freebsd-security@freebsd.org Subject: Re: OT: FTP almost gone now? (was: Re: IPFW almost works now.) Message-ID: <20010613112447.B1043@mushhaven.net> References: <20010613111421.A777@mushhaven.net> <72097.992445650@axl.seasidesoftware.co.za> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <72097.992445650@axl.seasidesoftware.co.za>; from sheldonh@starjuice.net on Wed, Jun 13, 2001 at 05:20:50PM +0200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Wed, Jun 13, 2001 at 05:20:50PM +0200, Sheldon Hearn wrote: > > > On Wed, 13 Jun 2001 11:14:21 -0400, Jamie Norwood wrote: > > > My main issue is that noone has yet given me a good reason WHY FTP should > > be depreciated. > > Because it uses out-of-band socket connections for the actual transfer, > while HTTP transactions occur through a single socket connection. This > makes HTTP much easier to support from a firewalling perspective. Which is all well and good, but doesn't say why FTP should be replaced. There are far more people using FTP from outside firwewalls than inside. And a properly configured firewall should not have much problem. I have been behind plenty of firewalls and been perfectly able to FTP. And they were no more insecure than one that allows in/out http traffic. Jamie > as simple as HTTP from a firewall admin's perspective. > > Ciao, > Sheldon. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message