Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 13 Jun 2001 16:57:51 -0700
From:      Cy Schubert - ITSD Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
To:        Jamie Norwood <mistwolf@mushhaven.net>
Cc:        Matt Dillon <dillon@earth.backplane.com>, Nate Williams <nate@yogotech.com>, Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, freebsd-security@FreeBSD.ORG
Subject:   Re: IPFW almost works now. 
Message-ID:  <200106132358.f5DNwZG12612@cwsys.cwsent.com>
In-Reply-To: Your message of "Wed, 13 Jun 2001 00:03:46 EDT." <20010613000346.A398@mushhaven.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
In message <20010613000346.A398@mushhaven.net>, Jamie Norwood writes:
> On Tue, Jun 12, 2001 at 04:56:37PM -0700, Matt Dillon wrote:
> > 
> >     If you have to have a web server, and would only also have a ftp 
> >     server to 'optimize' transfers, I would submit that whatever
> >     performance one perceives as having gained from running the ftp
> >     server (which I think is Balderdash as well) is offset by the fact
> >     that you are now running two pieces of server software that might
> >     potentially create a security hazzard rather then one.
> > 
> >     Since I can't do without my web server, ftpd is the one I turn off.
> > 
> >     Historically, a plain old Apache with no fancy modules turned on
> >     is just as secure... in fact, even more secure... then ftpd.  Maybe
> >     because web servers focus on read-only stuff whereas ftpd tries to
> >     be general purpose read/write/exec/chmod/only-god-knows-what-else.
> 
> So how, then, do you propose people upload files, a common use of ftp? 
> Since your alternative is 'bare-bones' Apache, you have just cut out a
> function many of us rely on. Security through lack of usefulness is not
> an option, IMHO.

Generally uploading of files is done by users with valid accounts on 
the system, so sftp or scp would handle most file transfer challenges.  
Anonymous FTP could be handled through an HTTP POST.


Regards,                         Phone:  (250)387-8437
Cy Schubert                        Fax:  (250)387-5766
Team Leader, Sun/Alpha Team   Internet:  Cy.Schubert@osg.gov.bc.ca
Open Systems Group, ITSD, ISTA
Province of BC



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200106132358.f5DNwZG12612>