FTP "securing"
Bruce Dawson
jbd at codemeta.com
Wed Oct 8 10:30:27 EDT 2003
On Wed, 2003-10-08 at 09:10, Morbus Iff wrote:
> >I know, you can't secure FTP.... However, I need to figure something
> >out. We have customers that access our customer support website, and
> >from there, they download patches. However, when they mouse over the
> >link, they can see the FTP username and password. Does anyone know of a
>
> If you're creating an FTP link with the username and password in it,
> then no, there's no way you can obfuscate that. Your better bet is to
> write a script that logs in and serves the file, and then merely link
> to that script.
The above may be overstating the futility of obscuring ftp
authentication just a little bit.
I've seen some sites create a FTP login for a particular session using
unique usernames and passwords that expire. However, I don't know what
software they use.
The main thing is that you need a FTP server that will get its
authentication info from a database (or file) that's updated by the web
backend.
There are some out there, and some are even open-source, but I've been
out of that problem area for a while and don't know what's "real" and
what's not.
--Bruce
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://mail.gnhlug.org/mailman/private/gnhlug-discuss/attachments/20031008/867614bf/attachment.bin
More information about the gnhlug-discuss
mailing list