[TriLUG] minimal ftp host
crimsun at fungus.sh.nu
crimsun at fungus.sh.nu
Fri Jun 27 17:13:21 EDT 2003
On Fri, Jun 27, 2003 at 04:43:50PM -0400, Chris Merrill wrote:
> I'm curious about some of the security problems with FTP. Is 'anonymous
> FTP' dangerous only when users can _upload_ files? I'd like to enable
Not only, but that's one of the big gotchas.
> 1) efficient downloading of files (linked from my website)
Keeping the files accessible via http makes more sense to me. You're
already posting a web page...
> 2) normal login - for ME to update my website
I would scp the files.
> I have no need for anonymous users to _upload_ files to my server.
I would skip plain ftp then.
> Do the same security concerns apply when used in this way?
> IIRC, the RH9 that I just installed came with VSftp...can I enable just
> this type of access with VSftp or should I consider another FTP server?
You shouldn't (imo) use ftp at all. Scp offers you identical update
benefits with the additional benefit of enciphering; and your users
should find downloading files via http "natural."
--
Daniel T. Chen crimsun at fungus.sh.nu
GPG key: www.sh.nu/~crimsun/pubkey.gpg.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://www.trilug.org/pipermail/trilug/attachments/20030627/8728c42f/attachment.pgp>
More information about the TriLUG
mailing list