From: Cy Schubert - ITSD Open Systems Group
To: Jamie Norwood
Cc: Matt Dillon, Nate Williams, Garrett Wollman, freebsd-security@FreeBSD.ORG
Subject: Re: IPFW almost works now.
Date: Wed, 13 Jun 2001 16:57:51 -0700
Message-Id: <200106132358.f5DNwZG12612@cwsys.cwsent.com>
In-reply-to: Your message of "Wed, 13 Jun 2001 00:03:46 EDT." <20010613000346.A398@mushhaven.net>

In message <20010613000346.A398@mushhaven.net>, Jamie Norwood writes:
> On Tue, Jun 12, 2001 at 04:56:37PM -0700, Matt Dillon wrote:
> >
> > If you have to have a web server, and would only also have a ftp
> > server to 'optimize' transfers, I would submit that whatever
> > performance one perceives as having gained from running the ftp
> > server (which I think is Balderdash as well) is offset by the fact
> > that you are now running two pieces of server software that might
> > potentially create a security hazard rather than one.
> >
> > Since I can't do without my web server, ftpd is the one I turn off.
> >
> > Historically, a plain old Apache with no fancy modules turned on
> > is just as secure... in fact, even more secure... than ftpd. Maybe
> > because web servers focus on read-only stuff whereas ftpd tries to
> > be general purpose read/write/exec/chmod/only-god-knows-what-else.
>
> So how, then, do you propose people upload files, a common use of ftp?
> Since your alternative is 'bare-bones' Apache, you have just cut out a
> function many of us rely on. Security through lack of usefulness is not
> an option, IMHO.

Generally uploading of files is done by users with valid accounts on
the system, so sftp or scp would handle most file transfer challenges.
Anonymous FTP could be handled through an HTTP POST.

Regards,
Cy Schubert
Team Leader, Sun/Alpha Team
Open Systems Group, ITSD, ISTA
Province of BC
Phone: (250)387-8437
Fax: (250)387-5766
Internet: Cy.Schubert@osg.gov.bc.ca