Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: [suse-security] maybe off topic, ports ftp
From: piet (prooroawanadoo.nl)
Date: Mon Jan 19 2004 - 06:46:13 CST
fair enough, and what kind of server would you recommend with sftp?
Markus Gaugusch wrote:
> On Jan 19, piet <prooroawanadoo.nl> wrote:
>>as for the apache server one can use port 8080 instead of 80.
>>Is something likewise possible for ftp (pureftp in my case) to use
>>something else as 20&21 say 8020&8021 or so.
>>I would like to ftp to my server but it shouldn't be to obvious.
>>Another question I struggle with how to configure ftp & apache in such a
>>way that I can drag and drop files by means a browser on a remote box to
>>upload files to the server after a login.
> Since you asked on a security list, you'll get a "security" answer:
> DON'T USE FTP. DON'T USE FTP. DON'T USE FTP.
> Apart from being a catastrophic protocol (hard to firewall correctly), it
> is not encrypted and passwords are transferred in clear text. If you want
> to offer files for download, use your apache server. If you want to upload
> files, use ssh/scp/sftp. There are nice drag&drop clients for sftp
> available for windows (filezilla, winscp).
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-helpsuse.com
Security-related bug reports go to securitysuse.de, not here