Why don't you create an ssh tunnel between your two boxes and then
perform you ftp connection through there? This way, the connection would
be secure and you could impersonate whichever user you need to.
There is also a secure version of ftp, but I don't think that it can be
instantiated directly from PHP, and you would therefore have to run it
from a shell, which would give the same problems you have with ssh now.
php|architect - The magazine for PHP Professionals
The first monthly worldwide magazine dedicated to PHP programmers
Come visit us at http://www.phparch.com!
--- Begin Message ---
My company, as a matter of policy, closes the ftp ports of the servers in the DMZ.
However, I am not convinced that this is necessary, given the advent of very secure
ftp servers. I would appreciate any comments on the security of an open ftp port. To
relate this to php, I am ready to give up trying to make my
code work, because I will have to give the apache user more permissions than I am
comfortable with. So, I am thinking fo using php's ftp commands instead. I see nowhere
in the documentation however, if the ftp_connect can be done via the ssh transport
mechanism. Or, is this unnecessary, and can I use ftp (with plain text user and
password passed to ftp_login()) on port 21 without worrying about getting hacked?
--- End Message ---
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php