On Mon, 20 Jun 2011, Chenevard Alfredo wrote:
With SFTP I can use the -k option (this assume that the connection are insecure....) I don't understand what this will be mean. It's a insecure data connection, or the user/password will be unencrypt...?
-k with SFTP means that curl doesn't set the CURLOPT_SSH_KNOWNHOSTS option, which will make libcurl accept all connections to SFTP servers without checking if they are known.
This is insecure since it allows man-in-the-middle attacks without them being detected.
The SSH connection will however still get encryped as negotiated. -- / daniel.haxx.se ------------------------------------------------------------------- List admin: http://cool.haxx.se/list/listinfo/curl-library Etiquette: http://curl.haxx.se/mail/etiquette.html
