Syscrusher wrote: > On Wed, 2010-01-27 at 11:42 -0800, Domenic Santangelo wrote: > I run a coop server where some of the clients are *NIX users, some > clueful Windows users, and some clueless Windows users. The *NIX and > clueful Windows users all use SSH and SFTP, but the clueless Windows > users refuse to use PuTTY or anything like it because "Microsoft > FrontPage supports FTP!!!!". (Not all the sites on the server are > Drupal.) >
Microsoft FrontPage FTP is just as insecure as any FTP. That's a horrible excuse. I'm sure you'll find that the recommended practice from any vendor if you have to use FTP is to use a VPN. There are lots of software packages which are easier to use than PuTTY for file transfer. I have convinced many non-technical clients to use WinSCP over the years; it's very similar to most Windows tools. If they're referring to "publishing" from FrontPage or another legacy software to the site via FTP, make them use stunnel or PuTTY tunneling or a local FTP to SFTP gateway. There are many good solutions to this problem. Speak up! You're responsible for the security of your servers, so don't let anyone else make poorly-informed security decisions in your name! If they won't do it, raise a stink and insist on a signed release of liability for the inevitable loss of business from using bad practices. Every compromised account gives these abusers more encouragement to keep writing new attacks. </fire and brimstone> JT
