On 30 Jul 2006 at 10:54, Hugh Gundersen wrote: > So pass the buck if you want to pay. Ok so I am not the pentagon or > the bank of England and it's a risk crossing the road but you asked > about FTP servers and I gave you my 2c worth so please don't start an > argument over my comments that are meant to help. If you don't like > the advice don't take it or don't ask.
I said in my OP that I had checked out external FTP services providers, if I didn't make that clear enough, my bad, however no where in my original posting did I ask about setting up my own ftp server in house... > That is what you are paid for. However many if not all ISP that offer > web site space use FTP servers for uploading and they don't panic! Yes, they also lock it down in a way that would not be appropriate for what's needed as per my original posting. > Consider how many ISP use this FTP service and how many people take > advantage of it and say 10% are hackers -- why aren't there more > hacked FTP servers? Because most ftp servers are restricted in a way that's not appropriate for how this client needs to use it. In corporate environments, what invariably happens is that a PHB gets wind of the FTP server and says, okay lets open it up to all our business partners, friends etc. Eventually that box gets hacked <shrug>. I continually fight with PHB's that have no concept of network security and don't want to learn/hear about it, "just make it easy and make it work", lowest common denominator mentality. > If FTP is so terrible then go direct to WS-FTP and ask them for an > answer - as EXPERTS I would think they can give you a more definitive > answer. FTP isn't terrible, it's just inherrently risky, plain text passwords of ANY variety are just plain dangerous. If I got a dollar for each time I had to explain to a client why checking email or using ftp is dangerous when on a non-trusted network (like the neighbours wifi connection), I'd have retired long ago. I am of the mindset that there should be no plaintext passwords crossing any network period! That includes internal lans. If one is using ssl'ifed ftp or scp, or sftp, that's a whole other ballgame, however given that most people don't know how to use secure ftp and complain vociferously when forced to use it, I don't see regular ftp as an option on any FTP server I am hosting. -- Harondel J. Sibble Sibble Computer Consulting Creating solutions for the small business and home computer user. [EMAIL PROTECTED] (use pgp keyid 0x3AD5C11D) http://www.pdscc.com (604) 739-3709 (voice/fax) (604) 686-2253 (pager) -- ---------------------------------------- To Change your email Address for this list, send the following message: CHANGE WIN-HOME your_old_address your_new_address to: [EMAIL PROTECTED] Note carefully that both old and new addresses are required.
