Hi Eugene, > Following up my own posting to this list and subsequent comments, > I've assembled a web page with short security guide.
nice work. However, I'd like to point out a two edged sword in there: For "scp" you need ssh and shell access for the users, as you have correctly pointed out in your writeup. Well, giving people shell access opens the gates for other problems as there are quite a few things even an unprivileged user can do from the inside. So I wonder what's worse: having the unwashed masses storming your unsecured proFTPd port, or the chance of having one foul apple with shell access in the basket. In the end it is a matter of personal preference, as there are very few other alternatives available. Unless you opt for one of the various Secure-FTP or Safe(F)TP daemons available. -- With best regards, Michael Stauber SOLARSPEED.NET _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
