[K12OSN] Anyone provide ftp access to students?

Robert Arkiletian robark at gmail.com
Thu Mar 2 21:19:10 UTC 2006


On 3/2/06, Mike Ely <mely at rogueriver.k12.or.us> wrote:
> Shawn Powers wrote:
> > I also provide "webftp" so that they can upload/download files via a
> > webpage as well.  (FTP was too complicated for many of our staff
> > members... don't get me started...)
> >
> > I actually *did* have problems with SSH access to the outside, because
> > many kids had guessable passwords.  I had a few accounts compromised,
> > and was running some zombie apps due to the SSH access.  It was a
> > wonderful day.  (note heavy sarcasm)
> >
>
> Agreed.  Sometimes it's better to set something like WebDAV up or simple
> .htaccess auth than to go whole hog - all my normal user accounts have
> their shell variable set to /bin/false, for just the reason Shawn
> expresses above.  Giving the kids shell access is a short trip to hell IMO.
>
> I'd personally avoid FTP for the same reason as ssh - a shell's a shell.

I didn't know FTP was a shell. I just looked closely at the menu of
gftp and I noticed Remote-> "Send SITE command"
Never used this. I'm assuming you can use this to execute stuff.
Hmm. I thought that FTP was only a risk due to someone sniffing a
password and (worst case scenario) deleting all the files of another
student. I did not think there could be any danger to the OS. But if
you can execute stuff then you could upload and execute a fork bomb or
a memory hog of some kind. Why do they call it *very secure* FTP?
There must be a way to make it more secure. My ISP gives all its
customers FTP access.

SSH is out because you can't use SCP without a shell. And I too think
a shell is too powerful for some external hacker.

So that leaves the other suggestions of WebDAV and .htaccess. I have
no experience with either.


--
Robert Arkiletian
C++ GUI tutorial http://fltk.org/links.php?V19
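
Added example, not part of the original messages: a way to audit the /bin/false approach mentioned in the quoted reply by classifying regular accounts in passwd-format data as having an interactive shell, a non-login shell, or a non-login shell missing from the shells list (services that validate shells with pam_shells refuse such logins). The function name, the sample data and the UID threshold of 500 are assumptions made for this sketch.

```sh
#!/bin/sh
# Constructed sample data in /etc/passwd format (not from a real system).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
student1:x:501:501::/home/student1:/bin/false
student2:x:502:502::/home/student2:/bin/bash
student3:x:503:503::/home/student3:
staff1:x:504:504::/home/staff1:/sbin/nologin'

# Constructed sample data in /etc/shells format.
SAMPLE_SHELLS='/bin/sh
/bin/bash
/bin/false'

# audit_shells PASSWD_TEXT SHELLS_TEXT [MIN_UID]
# Prints "user:STATUS" for every account with UID >= MIN_UID (default 500,
# an assumption; adjust to the local UID range for regular users).
#   SHELL            interactive shell, so SSH or console login is possible
#   NOSHELL          non-login shell that is present in the shells list
#   NOSHELL-UNLISTED non-login shell absent from the shells list
audit_shells() {
    printf '%s\n' "$1" | SHELLS_TEXT="$2" awk -F: -v min="${3:-500}" '
        BEGIN {
            n = split(ENVIRON["SHELLS_TEXT"], s, "\n")
            for (i = 1; i <= n; i++) if (s[i] != "") listed[s[i]] = 1
            nologin["/bin/false"] = 1
            nologin["/sbin/nologin"] = 1
            nologin["/usr/sbin/nologin"] = 1
        }
        NF >= 7 && $3 >= min {
            sh = $7
            if (sh == "") sh = "/bin/sh"   # an empty field means the default shell
            if (!(sh in nologin))  status = "SHELL"
            else if (sh in listed) status = "NOSHELL"
            else                   status = "NOSHELL-UNLISTED"
            print $1 ":" status
        }'
}

# Run against the constructed samples; on a live host pass
# "$(cat /etc/passwd)" and "$(cat /etc/shells)" instead.
audit_shells "$SAMPLE_PASSWD" "$SAMPLE_SHELLS"
```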



