Re: ftp security

From: Jerry (jerry.giacinto_at_ketteng.com.nospam.com)
Date: 06/13/03

• Next message: Thomas E Scoggins: "URLScan Confusion"
• Previous message: Mike Purtell: "Can't run aspx on server"
• In reply to: Jerry: "Re: ftp security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Fri, 13 Jun 2003 13:47:00 -0700

By the way, can someone tell me if WebDAV with Integrated Windows
authentication forms a fairly secure pipeline for file transfer? Is there
any reason why IIS would resort to clear text user and password information
with this setting? This server is being used on the internet, not on an
intranet, and I'm not sure if this affects the way IIS implements security.

Thanks again,
  Jerry

"Jerry" <jerry.giacinto@ketteng.com.nospam.com> wrote in message
news:umh#jdeMDHA.2220@TK2MSFTNGP10.phx.gbl...
> Thanks for the information, Yangtsi.
>
> I even went so far as to setup a Web Folder with Integrated Windows
> authentication turned on. But the customer says it's too slow. If I can
> pinpoint their IP range, I'm going to stick with that.
>
> Jerry
>
>
> "Yangtsi River" <nakhi@sina.com> wrote in message
> news:uj$urKJMDHA.2832@TK2MSFTNGP10.phx.gbl...
> > I managed a FTP site too, and have the same problem as you.
> >
> > since we can not change the plain text feature of IIS FTP service, u can
> > specify which IP can have access. From my experience, that helps a lot.
> >
> > Most hacks for FTP is password guessing, which even can topple your
> > ervice( if not penitrating your system), if you specify the visitor IP,
> all
> > problems solved.
> >
> > I agree with another's advice, if u r realy worred on plain text
passwrod,
> > then u can install a different FTP server software with password
> encryption
> > feature.
> >
> >
> > Yangtsi ,from China
> >
> >
>
>

---

• Next message: Thomas E Scoggins: "URLScan Confusion"
• Previous message: Mike Purtell: "Can't run aspx on server"
• In reply to: Jerry: "Re: ftp security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Windows Authentication problem with IIS6 (Win2k3) ... Authentication Protocol is Integrated ... Jeff - Thank you SOOOOO much - your suggestion to check out the IIS ... regardless of the IE setting regarding Enabling Integrated Windows ... >>I believe the problem to be something related to the Kerberos technology, ... (microsoft.public.inetserver.iis) Re: Windows Authentication problem with IIS6 (Win2k3) ... Authentication Protocol is Integrated ... Jeff - Thank you SOOOOO much - your suggestion to check out the IIS ... regardless of the IE setting regarding Enabling Integrated Windows ... >>I believe the problem to be something related to the Kerberos technology, ... (microsoft.public.inetserver.iis.security) Re: Integrated Windows Authentication - 401: Access Denied ... try using iis authdiag, make sure all your permissions are squared away. ... > from a browser the Integrated Windows Authentication ... >>> Developing .NET application to acccess web services. ... (microsoft.public.inetserver.iis.security) Re: Most secure solution for ftp (IIS?) ... you can use Authentication and then control access using ... So I> guess IIS can support this, I put on the> ftp server, but there doesn't seem to be much with authentication> control except accept/deny host settings. ... (microsoft.public.inetserver.iis.security) RE: HttpContext Problem ... When user access UploadFileApps, it will check whether the user's email ... Negotiate" header is used for Kerberos authentication ... in IE and IIS, this normally means you've checked "Integrated Windows ... (microsoft.public.dotnet.framework.aspnet)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(12)