Re: Secure file transfer
- From: Gerald Vogt <vogt@xxxxxxxxxxx>
- Date: Sun, 16 Dec 2007 17:12:14 -0800 (PST)
On Dec 17, 10:02 am, "Sebastian G." <se...@xxxxxxxxx> wrote:
ev...@xxxxxxxxxxxxxxxxxxx wrote:
On Dec 16, 5:04 pm, "Sebastian G." <se...@xxxxxxxxx> wrote:
ev...@xxxxxxxxxxxxxxxxxxx wrote:
In Core FTP, is it better to use AUTH SSL or SSH/SFTP?SSL. SSH/SFTP only protects the data transfer channel, not the command channel.
I don't know enough about it to understand how that addresses which is
better to use.
SSL encrypts and authenticates both command and data channel, SSH/SFTP only
the latter. The consequence is that authentication credentials on SFTP
session are transfered in clear text and can be easily sniffed. And since no
authentication takes places, and attacker can insert arbitrary commands or
replys.
Is this a Core FTP specific thing? That standard sftp client which
comes with ssh packages like openssh transfers everything (command and
data) through a SSH link. AFAIK it does not even use the FTP protocol.
Gerald
.
- Follow-Ups:
- Re: Secure file transfer
- From: Sebastian G.
- Re: Secure file transfer
- References:
- Secure file transfer
- From: evans
- Re: Secure file transfer
- From: Sebastian G.
- Re: Secure file transfer
- From: evans
- Re: Secure file transfer
- From: Sebastian G.
- Secure file transfer
- Prev by Date: Re: Secure file transfer
- Next by Date: Re: Secure file transfer
- Previous by thread: Re: Secure file transfer
- Next by thread: Re: Secure file transfer
- Index(es):
Relevant Pages
|
