Looking for a secure ftp sw
Eucke
euckew at sierraelectronics.com
Mon Mar 14 14:20:05 UTC 2005
Ed Wilts wrote:
>> Is there a better FTP SW(more secure) than ProFTPD for server usage?
>>
>>
>Given sftp access to the server, your customers
>could easily turn your system into an instant pirate site by using /tmp
>as a transfer location. They could retrieve all of your pam
>configuration files to see if you disable accounts after a predetermined
>number of failed logins. They could then retrieve /etc/passwd and issue
>a complete denial of server on your system by disabling all of your
>accounts. Its limitations like this that actually make ftp *more*
>secure than sftp in many environments even with the unencrypted traffic.
>
Ed, doesn't placing FTP users in a chroot jail make this impossible as
well as allowing no FTP access by priviledged users? Or is that not
possible with sftp as it's basically ssh?
--
Eucke
More information about the redhat-list
mailing list