Re: Secure FTP site

From: Karl Levinson [x y], mvp (levinson_k@despammed.com)
Date: 02/21/03


From: "Karl Levinson [x y], mvp" <levinson_k@despammed.com>
Date: Fri, 21 Feb 2003 11:42:20 -0500


"Alun Jones" <alun@texis.com> wrote in message
news:GAr5a.114$AD6.67301515@newssvr11.news.prodigy.com...

> There's a strong recommendation about putting a password in a URL, on the
> basis that it hits the history file and is stored there in plaintext -

I hadn't thought about that... but typing in the password in the URL might
be secure enough if this is a home computer where only trusted people are
allowed to touch the computer and/or FTP server security is not very
important. Clearing the browser history etc. may help a little as well.

> however, it may be that IE does this anyway even if you enter the password
in
> the login dialog. You'd have to check. But I would heartily recommend
the
> use of a 'real' FTP client.

That would definitely give you more features. www.download.com should have
some free FTP software, among others.

> To do FTP more securely, you need a real FTP client, and a third-party FTP
> server.

Agreed. [Assuming encryption is deemed important.] Links to Alun's product
and others that do encryption can be found at:

http://securityadmin.info/faq.htm#iis