Actually, I didn't start all the security talk. Somebody else brought it up,
and I can never turn down an interesting conversation. =)

Actually, I really don't care if somebody sniffs the stuff I will be
uploading. Hell, I always thought that if there is the possibility of a
rogue sniffer on your network, you have bigger problems than somebody
stealing your php code.

----- Original Message -----
From: "Dustin Puryear" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Thursday, June 27, 2002 10:48 AM
Subject: Re: [brlug-general] vfs?


> Jason, while I certainly appreciate everyone being very security focused
> here, I think this is getting a bit complex for editing webpages. Is the
> data in the webpages in any way confidential? If not then just use the ftp
> feature you mentioned in the editor.
>
> I guess the question is if this information is worth the amount of trouble
> required to secure it? Is there any reason to expect an internal employee
> would spoof your MAC on the switch and sniff your network traffic?
>
> There are many situations where a decision is made that convenience or
> manageability is more important than security. Take NIS, NFS, HTTP, SMTP,
> POP3, and IMAP for example. So look at where you will be deploying a
> protocol (i.e., internally) and decide if it's okay to lower your security
> requirements. In many situations it is okay.
>
> Regards, Dustin
>
> At 04:59 PM 6/26/2002 -0700, you wrote:
> >Jason:
> >      I could be wrong on this one, but I do not think that FTP can be
> >used with ssh.  The FTP protocol is too old and sends everything in
> >the clear.  There is an sftp client, but I have not had any success
> >with it.  There is a brief howto at sourceforge on it, but they
> >really do not seem to support the protocol.
> >
> >Doug Riddle
> >
> >--- Jason DeWitt <[EMAIL PROTECTED]> wrote:
> > > Most of this would be done on the local lan, I don't feel much like
> > > working when I get home, I just play games. =)
> > >
> > > Yeah, I can scp it up there, but then that negates the whole
> > > conversation, because I was wanting to get away from making a change
> > > to a file then having to upload it to the server every time, either
> > > via ftp or scp.  I just realized I don't think I told everyone that I
> > > was talking about editing webpages here.
> > >
> > > I think I am going to try out that ftpfs, but back to our security
> > > discussion, can't you tunnel your ftp session through ssh? If so is
> > > that something that the server will have to be set up to allow? I
> > > would assume so.
> > > ----- Original Message -----
> > > From: "John Hebert" <[EMAIL PROTECTED]>
> > > To: <[email protected]>
> > > Sent: Wednesday, June 26, 2002 5:08 PM
> > > Subject: Re: [brlug-general] vfs?
> > >
> > >
> > > > --- Jason DeWitt <[EMAIL PROTECTED]> wrote:
> > > > > well, that is kind of hard to answer. Our main production
> > > > > server is windows2000, and I have a small linux box running
> > > > > apache for my wife's website and I mess around on it too. If I
> > > > > am at work, I am accessing them from a Win2k workstation. If
> > > > > I'm at home, it will be either a Win2k box or Linux, depending
> > > > > on if I rebooted or not. =)
> > > >
> > > > Ai-yi-yi.
> > > >
> > > > > I know I could do either NFS or Samba, but aren't there
> > > > > considerable security risks? Especially doing NFS over the
> > > > > internet? I know windows file sharing is full of holes, since
> > > > > Samba is emulating that, does it have the same shortcomings?
> > > >
> > > > Sure, the same risks exist. But I was assuming a LAN.
> > > > If your connections are both LAN and Internet, then
> > > > you really should install OpenSSH 3.4 on your boxen
> > > > and just do 'scp file
> > > > [EMAIL PROTECTED]:/ftp/dir/blah/blah/'. You can compile
> > > > OpenSSH under cygwin or I _think_ ssh.com has an sshd
> > > > for Windoze boxes.
> > > >
> > > > You should not use valuable passwords over FTP over
> > > > the Internet, for all the reasons stated before. You
> > > > can configure ssh/scp to use locally stored keys and
> > > > therefore not need passwords, which is really more
> > > > secure than passwords, when you think about it.
> > > >
> > > > John Hebert
> > > >
> > > > > ha! It's amazing what you can find when you know the right
> > > > > words to search for in google! Have a look at this,
> > > > >
> > > > > http://www.mandrakeuser.org/docs/connect/cnetips2.html
> > > > >
> > > > > John Hebert wrote:
> > > > > > What operating systems are you using on the client and
> > > > > > server, Jason? You can use NFS to mount remote
> > > > > > filesystems between UNIX boxen, and if your client is
> > > > > > a Windoze box and the server is a UNIX box, you can
> > > > > > use SAMBA to make the UNIX box look like a Windoze
> > > > > > box.
> > > > > >
> > > > > > But if mounting an FTP dir is what you want, I believe
> > > > > > it is doable, as I've heard of others in the past
> > > > > > doing it. I just don't know how. :P
> > > > > >
> > > > > > Good luck!
> > > > > > John Hebert
> > > > > >
> > > > > > --- Doug Riddle <[EMAIL PROTECTED]> wrote:
> > > > > >
> > > > > > >>Jason:
> > > > > > >>     A couple of things...
> > > > > > >>     If the server is on your lan, then you probably do not
> > > > > > >>have to use FTP to get to that directory.  The FTP directory
> > > > > > >>is just another directory on the server.  The server connects
> > > > > > >>FTP requests to that directory as an FTP share by default.
> > > > > > >>If you can browse the server, you can probably mount that
> > > > > > >>directory without FTP.  (It helps to be admin to do that...  ;->)
> > > > > > >>     A switched network is still vulnerable to sniffing, the
> > > > > > >>nature of the switches or hubs doesn't stop a sniffer.
> > > > > > >>However, if your LAN is localized, and does not connect remote
> > > > > > >>sites, then sniffing is less likely.
> > > > > > >>     For what you are doing, I would suggest trying to get the
> > > > > > >>rights to access the server without FTP.  Barring that, you
> > > > > > >>might look into tcl, or Midnight Commander.  If they won't let
> > > > > > >>you connect to the FTP share without FTP, they probably will
> > > > > > >>not be happy with tcl though either.
> > > > > >>
> > > > > >>Doug Riddle
> > > > > >>
> > > > > >>--- Jason DeWitt <[EMAIL PROTECTED]> wrote:
> > > > > >>
> > > > > > >>>Yeah, I'm looking for the convenience. Plus, I'm on the same LAN
> > > > > > >>>as where I am transferring these files. It is a switched network,
> > > > > > >>>as I understand it you shouldn't be able to sniff that out.
> > > > > > >>>
> > > > > > >>>I've done some research, it seems that vfs is what allows you to
> > > > > > >>>mount different filesystems to the one you are running. ie: fat32,
> > > > > > >>>ntfs, the bsd filesystem(can't remember name). Some of what I read,
> > > > > > >>>and what I was told before, makes me believe I should be able to
> > > > > > >>>mount an ftp directory as a dir on my local file system, then just
> > > > > > >>>save the files directly to it. Any ideas?
> > > > > >>>
> > > > > >>>Doug Riddle wrote:
> > > > > >>>
> > > > > > >>>>I agree -- FTP, Telnet not to mention gopher and a few others
> > > > > > >>>>are going away just because of those issues.  I don't use emacs
> > > > > > >>>>and what I know about it would fit on the head of a pin.  I tend
> > > > > > >>>>to just stick with ssh2 at the bash prompt for anything
> > > > > > >>>>sensitive.  If I can't do it from the shell, I am likely to use
> > > > > > >>>>webmin.  I don't do that
> > > > > >>
> > >
> >=== message truncated ===
> >
> >
> >=====
> >Warmest Regards,
> >Doug Riddle
> >http://www.dougriddle.com
> >
> >## Firearms are second only to the Constitution in importance; they are
> >the Peoples' Liberty Teeth." - George Washington ##
> >
> >
> >_______________________________________________
> >General mailing list
> >[email protected]
> >http://brlug.net/mailman/listinfo/general_brlug.net
>
>
> ---
> Dustin Puryear <[EMAIL PROTECTED]>
> UNIX and Network Consultant
> http://members.telocity.com/~dpuryear
> PGP Key available at http://www.us.pgp.net
> In the beginning the Universe was created.
> This has been widely regarded as a bad move. - Douglas Adams
>

