FTP is resistant to encrypting passwords since sFTP clients for Windows is hard to come by, and tunneling over SSH is clunky on Windows. We need to cater to Windows users since this FTP is for updating websites in a hosting setup.
FTP as it is has sniffable passwords in the clear. I thought of this: How about locking out the user's account until they are ready to FTP. Before they FTP, the user goes to a SSL protected site where they can retrieve a generated FTP session password. This password will be used for FTP but will be disabled once the FTP session is finished. This might break automated setups, though... or FTP from web publishing programs, perhaps? _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
