> > There's a lot of "commercial" firewalls that don't get FTP right, and
> > So complain. It can be done right, and customers' demands rule.

That works two ways -- if customer A with broken firewall demands you permit something you know to be insecure, do you cave in? Thought not. See previous argument.

> Sometimes, ftp is the only choice available to users - think files over
> 2 Gbytes. Like SLES and RHEL DVD images.

Since when has that mattered to an outside security auditor?

> There is a considerable difference between incoming ftp (passwords to
> our site) and outgoing (passwords to their site). It's your
> responsibility to set and enforce password policies for your site, and if
> Novell's policy says "no ftp because it's insecure," that might be a
> reasonable stance (but would still leave me wondering whether there's a
> better alternative solution to their concerns).

There probably is. That doesn't change the basic fact of the argument one iota. If the company's policy says "no", you're not going to change that for something like this.
