On Mon, 20 Jun 2011, Chenevard Alfredo wrote:

With SFTP I can use the -k option (this assumes that the connection is insecure....). I don't understand what this means. Is it an insecure data connection, or will the user/password be unencrypted...?

-k with SFTP means that curl doesn't set the CURLOPT_SSH_KNOWNHOSTS option, which will make libcurl accept all connections to SFTP servers without checking if they are known.

This is insecure since it allows man-in-the-middle attacks without them being detected.

The SSH connection will however still get encrypted as negotiated.

--

 / daniel.haxx.se
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
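
Added example, not part of the original mail and not libcurl code: a self-contained C model of the known-hosts decision described in the reply, showing that a changed host key is rejected when the check runs and accepted when it is skipped as with -k. The names kh_result, check_host_key and accept_server, the sample entries and the policy of rejecting unknown hosts are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
/* Outcomes named after libcurl's curl_khmatch values; this is not libcurl code. */
enum kh_result { KH_OK, KH_MISMATCH, KH_MISSING };
/* Constructed sample known_hosts text; the keys are placeholders. */
static const char SAMPLE_KNOWN_HOSTS[] =
    "# constructed sample\n"
    "sftp.example.com ssh-ed25519 AAAAC3PLACEHOLDERKEYONE\n"
    "backup.example.com,192.0.2.10 ssh-rsa AAAAB3PLACEHOLDERKEYTWO\n";

/* Return 1 if host is one of the comma-separated names in list. */
static int host_in_list(const char *list, const char *host)
{
    size_t hlen = strlen(host);
    while (*list) {
        size_t n = strcspn(list, ",");
        if (n == hlen && memcmp(list, host, n) == 0) return 1;
        list += n + (list[n] == ',');
    }
    return 0;
}

/* Plain-text entries only: hashed ("|1|...") and "@" marker lines never match. */
enum kh_result check_host_key(const char *kh, const char *host,
                              const char *keytype, const char *key)
{
    enum kh_result result = KH_MISSING;
    while (*kh) {
        char line[2048], hosts[512], type[64], stored[1400];
        size_t n = strcspn(kh, "\n");
        if (n < sizeof line && kh[0] != '#') {
            memcpy(line, kh, n); line[n] = '\0';
            if (sscanf(line, "%511s %63s %1399s", hosts, type, stored) == 3 &&
                host_in_list(hosts, host) && strcmp(type, keytype) == 0) {
                if (strcmp(stored, key) == 0) return KH_OK; /* same key */
                result = KH_MISMATCH;      /* known host, different key */
            }
        }
        kh += n + (kh[n] == '\n');
    }
    return result;
}
/* insecure != 0 models -k: the lookup result is ignored entirely. */
int accept_server(int insecure, enum kh_result r) { return insecure || r == KH_OK; }

int main(void)
{
    enum kh_result r = check_host_key(SAMPLE_KNOWN_HOSTS, "sftp.example.com",
                                      "ssh-ed25519", "AAAAC3DIFFERENTKEY");
    printf("lookup=%d verified=%d with-k=%d\n", r, accept_server(0, r), accept_server(1, r));
    return 0;
}
```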
