Mike, Thanks for clearing that up. When I first read Mr. Howansky's post regarding my question, I was indeed a little confused about the insecurities of FTP when over a dial-up connection. I do need to allow my agencies the ability to both download and upload this information. Therefore, I am still looking in the direction of FTP.
I would prefer some other method that is a little more robust than FTP. However, we are keeping future HIPAA regulations in mind and would rather go with the safer method of dial-up FTP. If anyone has any other suggestions, please feel free to respond. Thanks to all those that posted responses. Your suggestions and advice are greatly appreciated! Sincerely, Mason Landrum -----Original Message----- From: Mike Burden [mailto:[EMAIL PROTECTED]] Sent: Monday, March 18, 2002 8:58 AM To: [EMAIL PROTECTED] Subject: RE: [gb-users] WWW and FTP on same box? If you look back, Mr. Landrum was talking about using FTP over a dialup (RAS) connection, not over the Internet. This would negate the insecurity of FTP, as the connection would not be made over a public network. Mike Burden Lynk Systems http://www.lynk.com (616)532-4985 [EMAIL PROTECTED] > -----Original Message----- > From: Alex Howansky [mailto:[EMAIL PROTECTED]] > Sent: Saturday, March 16, 2002 8:28 PM > To: [EMAIL PROTECTED] > Subject: RE: [gb-users] WWW and FTP on same box? > > > > > > Would it be safe to have a FTP site containing sensitive data > > > set up on the same machine we use for our web site? What > do you think? > > > > Severl of the security flaws that have been found in IIS > > are of the type that allow the attacker to gain access > > to the contents of any file on the system, even if it's > > not within the website. > > In addition, the ftp protocol is itself insecure. If your > data is sensitive, > ftp is not the way you want to be distributing it. If you > only need to support > downloads, then perhaps a password protected SSL web site > with directory > indexing might work for you... > > -- > Alex Howansky > Wankwood Associates > http://www.wankwood.com/ > > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > To subscribe to the digest version first unsubscribe, then > e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
