Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 12 Jun 2001 16:56:37 -0700 (PDT)
From:      Matt Dillon <dillon@earth.backplane.com>
To:        Nate Williams <nate@yogotech.com>
Cc:        Garrett Wollman <wollman@khavrinen.lcs.mit.edu>, Jamie Norwood <mistwolf@mushhaven.net>, freebsd-security@FreeBSD.ORG
Subject:   Re: IPFW almost works now.
Message-ID:  <200106122356.f5CNubp50204@earth.backplane.com>
References:  <657B20E93E93D4118F9700D0B73CE3EA0166D97D@goofy.epylon.lan> <20010612152856.A72299@mushhaven.net> <3B267827.5090002@lmc.ericsson.se> <20010612162749.A73655@mushhaven.net> <200106122044.QAA93356@khavrinen.lcs.mit.edu> <15142.42704.228823.693752@nomad.yogotech.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

:> Balderdash!  HTTP and TCP both send files over identical TCP
:> connections, which makes them equally efficient.
:
:>From a raw protocol stack, yes.  However, most FTP servers are optimized
:for streaming out large bits of static data, while HTTP servers are less
:optimized for this.
:
:FTP servers can be more easily optimized (KISS et al), and hence FTP is
:a better protocol for simple file transfers.
:
:Nate

    If you have to have a web server, and would only also have a ftp 
    server to 'optimize' transfers, I would submit that whatever
    performance one perceives as having gained from running the ftp
    server (which I think is Balderdash as well) is offset by the fact
    that you are now running two pieces of server software that might
    potentially create a security hazzard rather then one.

    Since I can't do without my web server, ftpd is the one I turn off.

    Historically, a plain old Apache with no fancy modules turned on
    is just as secure... in fact, even more secure... then ftpd.  Maybe
    because web servers focus on read-only stuff whereas ftpd tries to
    be general purpose read/write/exec/chmod/only-god-knows-what-else.

						-Matt

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200106122356.f5CNubp50204>