Re: Secure FTP site

From: Alun Jones (alun@texis.com)
Date: 02/21/03


From: alun@texis.com (Alun Jones)
Date: Fri, 21 Feb 2003 15:28:38 GMT


In article <ea63bkU2CHA.452@TK2MSFTNGP11.phx.gbl>, "Karl Levinson [x y] mvp"
<levinson_k@excite.com> wrote:
>Sometimes your web browser gives you a login screen when anonymous user is
>not permitted, but in your case your browser sounds like it is not doing
>this. You can try using a free GUI FTP, or you could try looking for a
>setting to change in your web browser under Tools, Options, Advanced, or you
>could use a URL that contains the ID and password to access the FTP server,
>such as password@servername.microsoft.com">ftp://username:password@servername.microsoft.com instead of
>ftp://servername.microsoft.com The last is probably the easiest solution
>to try.

There's a strong recommendation about putting a password in a URL, on the
basis that it hits the history file and is stored there in plaintext -
however, it may be that IE does this anyway even if you enter the password in
the login dialog. You'd have to check. But I would heartily recommend the
use of a 'real' FTP client. All web browsers suck at doing - well, anything
outside of web traffic. They have to be shoe-horned into something outside of
their normal mode of operation. Sometimes the shoe-horning is reasonably
good, but in the case of FTP, it seems that most browser authors are
interested in getting the basics - downloading a file - but aren't too
interested in much beyond that.

>Last, note that if you're using IIS without anonymous access, the login ID
>and password are passed across the network or internet in clear text format,
>which could theoretically be captured by a hacker with a sniffer.

And while I'd usually use such an opportunity to mention that we (and other
server authors) support encryption of commands and data transfers, if you're
going to use web browsers as FTP clients, that recommendation is useless,
because there isn't a web browser out there that supports FTP over SSL / TLS.
To do FTP more securely, you need a real FTP client, and a third-party FTP
server.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]

-- 
Texas Imperial Software   | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place   | http://www.wftpd.com or email alun@texis.com
Cedar Park TX 78613-1419  | VISA/MC accepted.  NT-based sites, be sure to
Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for XP/2000/NT.


Relevant Pages

  • Re: Accessing NASs remotely
    ... on a laptop and the Windows XP laptop natively. ... an encrypted web based filer for access, also ftp, just make sure you ... setup via Buffalos servers (you have to login to connect and then ... download, but not write up to them, the DS110j has a Web browser based ...
    (comp.sys.acorn.networking)
  • Re: how do i set my webpage to apper on the center of the webbrows
    ... GoDaddy using MS Publisher ... to each locally-published page from within a web browser, ... accompanying folder must be copied and pasted, via ftp client to your ... If you are also asking how to get the forms to work in Publisher, ...
    (microsoft.public.publisher.webdesign)
  • Re: FTPD and IExplore
    ... inetd) via IExplore or any other web browser. ... I've added user ftp to ... enable anonymous logins on my ftp server and it works when connecting ...
    (freebsd-questions)
  • Re: what is www.
    ... Larger systems also often have separate a separate host for ftp access, ... And you don't need to use a web browser an ftp server. ...
    (comp.lang.php)
  • Re: Secure FTP site
    ... Sometimes your web browser gives you a login screen when anonymous user is ... could use a URL that contains the ID and password to access the FTP server, ... and the server, if there is one. ... >> Tip Although you could change the account that the ...
    (microsoft.public.inetserver.iis.security)