Date: Thu, 4 Dec 1997 05:54:35 -0500 (EST) From: Adam Shostack <adam@homeport.org> To: jkh@time.cdrom.com (Jordan K. Hubbard) Cc: security@FreeBSD.ORG Subject: Re: Possible problem with ftpd 6.00 Message-ID: <199712041054.FAA20091@homeport.org> In-Reply-To: <15222.881232488@time.cdrom.com> from "Jordan K. Hubbard" at "Dec 4, 97 02:48:08 am"
next in thread | previous in thread | raw e-mail | index | archive | help
Jordan K. Hubbard wrote: | > If you design systems such that people need to RTFM, your systems will | > fail. The FTP daemon should be re-written so that it doesn't ask for | > a password when its offering anonymous access. (As in http). | | Which would break the heck out of many traditional FTP clients which | expect every user, be it a legit one or an anonymous one, will result | in a password being requested by the ftpd and they'll probably fail | the handshake with your optimization. Nolo contendre. I've long argued that FTP is brain dead and should be replaced. It has a host of misfeatures (the TCP connection back to the client causes uncountable headache for firewall builders, the site exec mechanism is just not a good idea, etc). So please don't read it as a serious suggestion that we change the FTP daemon to fix this problem, but as an appeal to not design protocols that ask for ID for anonymous connection. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199712041054.FAA20091>