On 28 Oct 2013, at 11:22 , Marcus Denker <[email protected]> wrote:
> > On 28 Oct 2013, at 11:19, [email protected] wrote: > >> FWIW I also have serious issues with MetacelloToolBox against an FTP >> repository. > > We should remove FTP. FTP is evil: the passed is passed in the clear, it is > old, it makes > problems with NAT and firewalls. > > FTP should *not* be used in 2013! > > Marcus By the first criteria, shouldn’t we remove HTTP repositories as well? Base64 isn’t much less plaintext than normal plaintext :) IMHO, from a security POV they’re both usable if connecting to a local/VPN’ed repository on a properly firewalled network. Which also gives an answer to the NAT/firewall dilemma, you shouldn’t use FTP directly over the internet anyways. What *would* be nice, is a warning when you add a repository with an insecure authentication protocol, that it better not be accessed through public networks . Cheers, Henry
signature.asc
Description: Message signed with OpenPGP using GPGMail
