On Tue, 11 Feb 2003, Christopher Ditty wrote:

> errors, no nothing. I talked to his host and found out that they do
> not allow PHP FTP because it is a security risk. ????? Ummmm, ok?

I consider FTP a security risk, period. (There /are/ ways to run an FTP server securely, but I won't assume everyone, or even anyone, knows this.) The possibility of having plain-text authentication flying around ... security risk. This is probably the perspective of your hosting company.

You may want to only access a server which provides anonymous FTP. You might not use the same username and password to the FTP server that you use on the hosting server. You might only be accessing a server on a trusted network.

But you're just one user. From a sysadmin perspective, that's a lot of assumptions made about all the other users who could potentially use those FTP functions and not take the precautions you took.

(Not to mention that it's a bit rude to expose someone's FTP server to compromise just because the security issue doesn't affect the hosting server. Plain-text authentication, such as FTP and Telnet use, is the bane of sysadmin existence ... usernames and passwords are sniffed too easily.)

That said ... FTP is a protocol; there's nothing stopping you from opening a socket and talking FTP back & forth across it (unless your host has disabled fsockopen() too). If you know the protocol, you probably know how and why to avoid its security concerns.

Other options: Move to a less security-minded hosting provider (looks like you've already started that), or ask the FTP server admin to provide download access to your file via HTTP.

... hope that provides some insight.

~Chris

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
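
The plain-text authentication concern in the message above, as an added example that is not part of the original post: a Python check that reads an FTP control-channel transcript and reports whether the password was sent before the channel was protected. It takes FTP over TLS (client sends `AUTH TLS`, server answers 234, per RFC 4217) as the protected case, which the message does not name; the transcripts, host, user names and the `audit_session` function are constructed for illustration.

```python
# Constructed FTP control-channel transcripts: ("C", line) sent by the client,
# ("S", line) sent by the server. Hosts, users and passwords are made up.
PLAIN = [("S", "220 ftp.example.test ready"), ("C", "USER alice"),
         ("S", "331 Password required"), ("C", "PASS constructed-secret"),
         ("S", "230 Login successful")]
ANON = [("S", "220 ready"), ("C", "USER anonymous"),
        ("S", "331 Send e-mail as password"), ("C", "PASS guest@example.test"),
        ("S", "230 Login successful")]
TLS = [("S", "220 ready"), ("C", "AUTH TLS"), ("S", "234 Proceed")] + PLAIN[1:]
# Server refuses AUTH TLS and the client logs in anyway: the silent downgrade case.
FALLBACK = [("S", "220 ready"), ("C", "AUTH TLS"),
            ("S", "502 Command not implemented")] + PLAIN[1:]


def audit_session(transcript):
    """Return (verdict, user) for one session; the password is never returned."""
    tls = False            # True once the server accepted AUTH TLS with reply 234
    auth_pending = False   # an AUTH command is waiting for its final reply
    user = None
    pass_protected = None  # None until a PASS command is seen
    for side, line in transcript:
        if side == "C":
            verb, _, arg = line.strip().partition(" ")
            verb = verb.upper()
            if verb == "AUTH" and arg.strip().upper() in ("TLS", "SSL"):
                auth_pending = True
            elif verb == "USER":
                user = arg.strip()
            elif verb == "PASS":
                pass_protected = tls
        elif auth_pending and line[:3].isdigit() and line[3:4] != "-":
            # Final reply to AUTH: only 234 means the channel will be encrypted.
            tls = line.startswith("234")
            auth_pending = False
    if pass_protected is None:
        return ("no-login", user)
    if pass_protected:
        return ("protected", user)
    if user is not None and user.lower() in ("anonymous", "ftp"):
        return ("anonymous-cleartext", user)  # no account secret on the wire
    return ("cleartext-credentials", user)


if __name__ == "__main__":
    for name, t in [("plain", PLAIN), ("anon", ANON), ("tls", TLS), ("fallback", FALLBACK)]:
        print(name, audit_session(t))
```

The `FALLBACK` transcript is the case worth alerting on: the client asked for TLS, was refused, and sent the account password in the clear anyway.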