> >For example could I pass a session variable(s) such as >username / password >to WS FTP Server - so as to only have authenticated users downloading >content? > >If I use the format >ftp://username:[EMAIL PROTECTED]/content/file.name >
When you access most FTP servers in this method you'll find that the username & password are sent 'in the clear' as part of the header. Not very secure if you're afraid of someone sniffing packets leaving your website. Added to that, anyone can simply write down the username & password by examining the link and then logging in via a regular FTP session using the 'secure' login details. I can't say what happens with a secure FTP session. I imagine that all depends on the FTP server in use; check out WS_FTP's SSL security, that may have the answer for you >I have heard this is not compatible with some browsers. What >has been the >experience in the field? > MS Internet Explorer is the worst culprit. Wonderful HTTP browser but really sucks at FTP if someone has installed the Browsing Enhancements pack as part of IE4, 5, or 5.5. Also, the workarounds to fix it change between versions (and even minor builds) so much that it becomes a pointless exercise. Funnily enough, the Browsing Enhancements was supposed to improve FTP use....go figure. Other browsers may also display the username:password sections of the URL in the address bar without hiding them with asterisks which is another hindrance to security. I hope you find this useful. Chazzozz!! Michael Shannon Webmaster [EMAIL PROTECTED] "Before you can grow old and wise you must first survive being young and stupid." - Ancient Proverb Note: Opinions expressed on this list are my own and do not reflect the views, opinions or position of my employer. If swallowed, seek medical advice. Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list.
