graphical ftp client

James Wilkinson fedora at westexe.demon.co.uk
Thu Dec 1 17:51:57 UTC 2005


Jim Cornette wrote:
> If you are getting information that is not confidential, why worry if 
> you are using sftp or ftp? If it is sniffed there is no loss.

akonstam at trinity.edu replied:
> Well first as a mea culpa gftp handles sftp .
> Second, It is you passwd that you don't want sniffed so sftp is
> important for security.

That's assuming that you don't want an FTP program for anonymous FTP (in
which case there is no secret password to sniff). It's not that unusual
a requirement.

In the second case, it also assumes that any password is actually
worthwhile. If the username and password are also valid for an SSH 
login, then you certainly don't want random hackers getting hold of
them.

But if it's for a well-secured FTP-only site and account, then all a
potential attacker can do is store data on the machine (and that depends
on the configuration). That used to be useful, but these days, I'd say
the value of it is effectively zero. If the data is legal, Gmail is a
better (and safer) storage site. If it's illegal, then a compromised FTP
site is too likely to be spotted by the owner -- much better to get a
rooted box that can hide the data from the owner.

There is, of course, the usual worry about holes in Internet-facing
software. But it's not really more serious for FTP software than it is
for a Web server or an e-mail server.

You're also assuming that there aren't other security measures (VPN, or
a trusted network) in place.

James.

-- 
E-mail address: james | I must refute the rumour that one of our team members
@westexe.demon.co.uk  | walks on water. Although it's true that Barry Cryer
                      | runs on lager...
                      |     -- "I'm Sorry, I Haven't A Clue", BBC Radio 4




More information about the users mailing list