Date: Thu, 4 Dec 1997 03:10:04 -0500 (EST) From: Adam Shostack <adam@homeport.org> To: robert@cyrus.watson.org Cc: security@freebsd.org Subject: Re: Possible problem with ftpd 6.00 Message-ID: <199712040810.DAA19509@homeport.org> In-Reply-To: <Pine.BSF.3.96.971202102020.427C-100000@cyrus.watson.org> from Robert Watson at "Dec 2, 97 10:26:31 am"
next in thread | previous in thread | raw e-mail | index | archive | help
If you design systems such that people need to RTFM, your systems will fail. The FTP daemon should be re-written so that it doesn't ask for a password when its offering anonymous access. (As in http). Adam Robert Watson wrote: | The notice clearly states that one should send ones email address as the | password. One of the caveats of having network capability is that users | must know when (and when not) to give their passwords. If you cannot | trust them to not enter their password when connecting to a remote system | using FTP, you really should not be even allowing them near a UNIX account | that has network access of any kind. Education is more important here, I | think, than making changes that may break existing programs. | | Robert N Watson | | Junior, Logic+Computation, Carnegie Mellon University http://www.cmu.edu/ | Network Administrator, SafePort Network Services http://www.safeport.com/ | robert@fledge.watson.org rwatson@safeport.com http://www.watson.org/~robert/ | | -- "It is seldom that liberty of any kind is lost all at once." -Hume
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199712040810.DAA19509>