Tod Hagan wrote:
>
> Is there a daemon I can run besides ftp which has clients which run on
> Windows and Macs to allow password protected access for uploading?
> This isn't for anonymous uploads.
SSH.
> Without the requirement for windows clients I'd just use scp and
> rsync. Oh, for Windows and Mac rsync clients.
Look for ssh32 on the web. It is a windows-based ssh client that
includes a windows-based implementation of scp. Also, check out
http://www.jfitz.com/tips/ssh_for_windows.html for other alternatives.
> I hate ftp. The design of the protocol itself is OLD, from the early
> 70s -- that's over 25 years! (see http://www.wu-ftpd.org/rfc/)
What does age have to do with the usefulness of a protocol? Actually,
what does age have to do with *ANYTHING* in the computer industry? I
hear that there is this really old thing called UNIX, too. We should do
away with that, too. Windows2K is new, so that should be good, right?
;-)
> The protocol is also clunky, designed for manual use when today most
> people use GUI clients.
So, if it was designed for manual use, and most people use GUI's,
wouldn't that make it robust and useful, since it is also highly
scriptable?
> wu-ftpd is hard to administer (why should an ftp user need a valid
> shell in /etc/passwd in order to log in via ftp?) and has a history of
> huge security holes. Proftpd came along ostensibly to solve the
> security holes but didn't. Since the daemon runs as root, security
> holes result in a complete compromise of the server.
This I just disagree with outright.wu-ftp really isn't that hard to
administer, and you don't need a shell in /etc/passwd. Every FTP user
that I have ever created had a shell of /bin/false. Also, ftpd does not
have to run as root. You can run it as any user (I ran it as nobody).
This is configurable if you run it out of inetd. The security problems I
will agree with. Like many things that come from WU, wu-ftp was a term
paper that went horribly wrong. I don't know much about ProFTP, so I
won't comment on that. However, if you want secure FTP, you can use
BSDftp, or you can reassign ports and use ftp through an ssh tunnel.
> Isn't it time that FTP went the way of the gopher? <grin>
I don't think so. FTP is still quite useful in many real world
situations, despite it's security shortcomings. One that comes to mind
is a public anonymous FTP site, like metalab, or ftp.debian.org. They
don't have a need for protecting usernames and passwords, since anyone
can use the service. However, they still need to protect their systems,
so they take measures to ensure security like chroot jails, limited user
permissions, etc. If you're going to run a public server, then you need
to know how to protect your systems against your own services.
Kenny
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
