Re: Secure FTP site

From: Alun Jones (
Date: 02/21/03

From: (Alun Jones)
Date: Fri, 21 Feb 2003 15:28:38 GMT

In article <ea63bkU2CHA.452@TK2MSFTNGP11.phx.gbl>, "Karl Levinson [x y] mvp"
<> wrote:
>Sometimes your web browser gives you a login screen when anonymous user is
>not permitted, but in your case your browser sounds like it is not doing
>this. You can try using a free GUI FTP, or you could try looking for a
>setting to change in your web browser under Tools, Options, Advanced, or you
>could use a URL that contains the ID and password to access the FTP server,
>such as"> instead of
> The last is probably the easiest solution
>to try.

There's a strong recommendation about putting a password in a URL, on the
basis that it hits the history file and is stored there in plaintext -
however, it may be that IE does this anyway even if you enter the password in
the login dialog. You'd have to check. But I would heartily recommend the
use of a 'real' FTP client. All web browsers suck at doing - well, anything
outside of web traffic. They have to be shoe-horned into something outside of
their normal mode of operation. Sometimes the shoe-horning is reasonably
good, but in the case of FTP, it seems that most browser authors are
interested in getting the basics - downloading a file - but aren't too
interested in much beyond that.

>Last, note that if you're using IIS without anonymous access, the login ID
>and password are passed across the network or internet in clear text format,
>which could theoretically be captured by a hacker with a sniffer.

And while I'd usually use such an opportunity to mention that we (and other
server authors) support encryption of commands and data transfers, if you're
going to use web browsers as FTP clients, that recommendation is useless,
because there isn't a web browser out there that supports FTP over SSL / TLS.
To do FTP more securely, you need a real FTP client, and a third-party FTP


[Please don't email posters, if a Usenet response is appropriate.]

Texas Imperial Software   | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place   | or email
Cedar Park TX 78613-1419  | VISA/MC accepted.  NT-based sites, be sure to
Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for XP/2000/NT.