Lee and Schoun:

Thanks for your help, which of course earns you the usual compensation: 
More questions!

> At the very least you should consider setting up TCP wrappers by 
> configuring /etc/hosts.allow and /etc/hosts.deny and limiting access 
> to certain accounts with /etc/ftpusers.

This is a bit beyond my level of expertise, but it sounds like a good 
idea. Can you point me to a source that would explain in more detail 
how to do this?

> FTP is very insecure due to the fact that when a person on the other
> end connects to your MacOS X machine via FTP, their username and
> password are passed across the Internet in clear text, which means
> that anyone watching traffic now has your IP address, the username,
> and the password.

Just so I understand better, how would someone "watch" traffic on the 
Internet between, say, my computer at home and an FTP server at my 
workplace? I've heard of this sort of thing before, but have never 
really understood how it works. Can anyone connected to the Internet 
"see" the data as it flows through from server to server? Wouldn't you 
have to be strategically located -- such as, at an ISP or some main 
transfer point -- to see anything meaningful?

And with all of the billions (trillions?) of data bits streaming 
through the lines constantly, how would someone "see" and capture just 
the data they wanted (such as an IP number, username and password of a 
relatively obscure, unimportant FTP server at a particular business 
site in Louisville, KY)?

Suppose someone did capture the IP and login information of an FTP 
client -- what harm could they do other than getting into the 
particular directory that that client has access to and messing around 
with the files therein?

> My advice is to NOT turn on FTP and instead turn on Remote Login, which
> turns on ssh and essentially something called SFTP. For your Mac
> people who are going to connect, head to Version Tracker and have them
> download Fugu, which is a free application that allows secure
> connections (SFTP, not FTP; S=secure). For your Windows people, try
> Version Tracker and click on the Windows tab and search for Core FTP
> LE or WinSCP or EngInSite DataFreeway.

This sounds like a good idea, and I may well do this. The only thing 
that worries me about it is that many of our clients who might use 
this service (mainly advertisers who want to upload large graphics 
files to our server) may not want to bother with jumping through this 
extra technological hoop.

We use straight FTP all the time to upload large files to various 
printers, and they don't seem to worry about someone capturing our 
login information. Is that because they've probably got some extra 
security measures set up on their end -- or are they just whistling 
past the graveyard?

> Remember that FTP, ssh, and SFTP do NOT copy resource forks, which some
> applications still use when saving files. I would suggest you test
> with all types of files to ensure you do not have a problem later on
> down the road.

Could this be overcome by having them use compression utilities like 
zip or stuffit before they upload the files to us?

> So, you will have to change permissions of the folders where they drop
> the files so you can see them too.
> I see an excellent learning experience for you here, Dan. You can
> challenge yourself to learn how to set up their folders so both they
> and you have access. Without going into the command line, do a get
> info on each person's home folder and see what the permissions are.
> I'll give you a hint: you'll also want to download SharePoints for
> your Mac, as it allows the creation of groups and the modification of
> share points.

I've already had this edifying experience, thank you, (by necessity, as 
I encountered precisely the problem you described) and I do have 
SharePoints, though I haven't tried using it yet for this particular 
application. But I'm sure I will get to that soon enough.

Dan




| The next meeting of the Louisville Computer Society will
| be February 22. The LCS Web page is <http://www.kymac.org>.
| List posting address: <mailto:macgroup at erdos.math.louisville.edu>
| List Web page: <http://erdos.math.louisville.edu/macgroup>
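
An added example, not part of the original message: the quoted point that FTP passes the username and password in clear text, shown as a small audit of an FTP control-channel session that flags each exposed login. The session bytes, the account name and the function name `audit_ftp_logins` are constructed for illustration.

```python
# Added example: audit an FTP control-channel byte stream (TCP port 21) for
# logins sent in clear text. All data below is constructed, not a real capture.

# "C" = client to server, "S" = server reply. The first USER command is split
# across two chunks, the way TCP may deliver it.
SAMPLE_SESSION = [
    ("S", b"220 FTP server ready.\r\n"),
    ("C", b"USER adcl"),
    ("C", b"ient\r\n"),
    ("S", b"331 Password required for adclient.\r\n"),
    ("C", b"PASS wrong-guess\r\n"),
    ("S", b"530 Login incorrect.\r\n"),
    ("C", b"user adclient\r\n"),
    ("S", b"331 Password required for adclient.\r\n"),
    ("C", b"PASS s3cret-Example\r\n"),
    ("S", b"230-Welcome.\r\n230 User adclient logged in.\r\n"),
]

def audit_ftp_logins(segments):
    """Return one finding per PASS command seen in the stream.

    FTP commands are plain ASCII lines ending in CRLF, so USER and PASS are
    readable as-is. The report keeps only the password length, not its value.
    """
    buffers = {"C": b"", "S": b""}
    findings, user, awaiting = [], None, None
    for direction, data in segments:
        buffers[direction] += data
        # Everything before the last CRLF is complete; keep the remainder.
        *lines, buffers[direction] = buffers[direction].split(b"\r\n")
        for raw in lines:
            line = raw.decode("latin-1")
            if direction == "C":
                verb, _, arg = line.partition(" ")
                if verb.upper() == "USER":
                    user = arg
                elif verb.upper() == "PASS":
                    awaiting = {"user": user, "password_chars": len(arg),
                                "outcome": "unknown"}
                    findings.append(awaiting)
            elif awaiting and line[:3].isdigit() and line[3:4] != "-":
                # Final line of the reply to PASS ("230-" is a continuation).
                if line[0] == "2":
                    awaiting["outcome"], awaiting = "accepted", None
                elif line[0] in "45":
                    awaiting["outcome"], awaiting = "rejected", None
    return findings

if __name__ == "__main__":
    for finding in audit_ftp_logins(SAMPLE_SESSION):
        print(finding)
```

The same session carried over SFTP would give this audit nothing to read, since the login exchange happens inside the encrypted ssh channel.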