Date: Wed, 13 Jun 2001 10:22:52 -0700
From: "Crist Clark" <crist.clark@globalstar.com>
To: Brendan Murphy <bmurphy@carbon.cudenver.edu>
Cc: Evren Yurtesen <yurtesen@ispro.net.tr>,
    Garrett Wollman <wollman@khavrinen.lcs.mit.edu>,
    Jamie Norwood <mistwolf@mushhaven.net>,
    freebsd-security@FreeBSD.ORG
Subject: Re: HTTP and FTP
Message-ID: <3B27A16C.32BAF75E@globalstar.com>
References: <Pine.OSF.4.31.0106130944450.11114-100000@carbon.cudenver.edu>

Brendan Murphy wrote:
>
> On Tue, 12 Jun 2001, Crist Clark wrote:
>
> > Evren Yurtesen wrote:
> > >
> > > I wonder if it is possible in HTTP to make users login to their home dirs
> > > automatically and when they put files it goes in with their uid,gid and of
> > > course they will login with their own passwords? etc. =)
> >
> > It should not be terribly difficult.
>
> It should (obviously) go without saying that you should _NOT_ use
> /etc/passwd or the like as a basis for your authentication.

With most current HTTP servers, something like a htpasswd file is
already more common. However, if we are comparing to FTP, many FTP
daemons, the ftpd(8) with FreeBSD included, only use /etc/passwd,
system users, for authentication. In that case, why would using
/etc/passwd be so much worse than the status quo?

FTP only passes the password across the Internet in cleartext once
per control session whereas you'd be doing it with every request in
HTTP, but then again, HTTP over SSL is well established and
standardized. FTP over SSL is a PITA for a lot of the same reasons
FTP is a pain through firewalls (which was the genesis of this
flam^H^H^H^H^H long thread).
-- 
Crist J. Clark                           Network Security Engineer
crist.clark@globalstar.com               Globalstar, L.P.
(408) 933-4387                           FAX: (408) 933-4926

The information contained in this e-mail message is confidential,
intended only for the use of the individual or entity named above.
If the reader of this e-mail is not the intended recipient, or the
employee or agent responsible to deliver it to the intended recipient,
you are hereby notified that any review, dissemination, distribution or
copying of this communication is strictly prohibited. If you have
received this e-mail in error, please contact postmaster@globalstar.com

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
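
Added example, not part of the original message: a Python sketch that counts how often the credentials cross the wire in cleartext for HTTP Basic authentication versus one FTP control session, the comparison made in the message above. The traffic is constructed; the user alice, the password and the hostname are made-up values.

```python
import base64

# Constructed credentials and traffic, for illustration only.
CRED = base64.b64encode(b"alice:example-pw").decode()

# Three cleartext HTTP requests: Basic auth repeats the header on each one.
HTTP_REQUESTS = [
    f"{method} {path} HTTP/1.0\r\nHost: www.example.org\r\n"
    f"Authorization: Basic {CRED}\r\n\r\n"
    for method, path in [("GET", "/~alice/"),
                         ("PUT", "/~alice/a.html"),
                         ("PUT", "/~alice/b.html")]
]

# One cleartext FTP control session: PASS is sent once, commands follow.
FTP_CONTROL = ("USER alice\r\nPASS example-pw\r\nCWD public_html\r\n"
               "STOR a.html\r\nSTOR b.html\r\nQUIT\r\n")

def http_basic_exposures(requests):
    """Return (user, password) for each request with a Basic Authorization header."""
    found = []
    for raw in requests:
        head = raw.split("\r\n\r\n", 1)[0]
        for line in head.split("\r\n")[1:]:          # skip the request line
            name, _, value = line.partition(":")
            if name.strip().lower() != "authorization":
                continue
            scheme, _, token = value.strip().partition(" ")
            if scheme.lower() == "basic":
                # Base64 is an encoding, not encryption: anyone on path can do this.
                user, _, pw = base64.b64decode(token).decode().partition(":")
                found.append((user, pw))
    return found

def ftp_exposures(control):
    """Return (user, password) for each PASS command on an FTP control channel."""
    found, user = [], None
    for line in control.split("\r\n"):
        verb, _, arg = line.partition(" ")
        if verb.upper() == "USER":
            user = arg
        elif verb.upper() == "PASS":
            found.append((user, arg))
    return found

if __name__ == "__main__":
    print("HTTP Basic exposures:", len(http_basic_exposures(HTTP_REQUESTS)))
    print("FTP exposures:", len(ftp_exposures(FTP_CONTROL)))
```

Either count drops to zero for an on-path observer only when the channel itself is encrypted, which is the role HTTP over SSL plays in the message.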