If you look back, Mr. Landrum was talking about using FTP over a dialup (RAS) connection, not over the Internet. This would negate the insecurity of FTP, as the connection would not be made over a public network.
Mike Burden Lynk Systems http://www.lynk.com (616)532-4985 [EMAIL PROTECTED] > -----Original Message----- > From: Alex Howansky [mailto:[EMAIL PROTECTED]] > Sent: Saturday, March 16, 2002 8:28 PM > To: [EMAIL PROTECTED] > Subject: RE: [gb-users] WWW and FTP on same box? > > > > > > Would it be safe to have a FTP site containing sensitive data > > > set up on the same machine we use for our web site? What > do you think? > > > > Severl of the security flaws that have been found in IIS > > are of the type that allow the attacker to gain access > > to the contents of any file on the system, even if it's > > not within the website. > > In addition, the ftp protocol is itself insecure. If your > data is sensitive, > ftp is not the way you want to be distributing it. If you > only need to support > downloads, then perhaps a password protected SSL web site > with directory > indexing might work for you... > > -- > Alex Howansky > Wankwood Associates > http://www.wankwood.com/ > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > To subscribe to the digest version first unsubscribe, then > e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
