Sender: |
|
Date: |
Fri, 8 Jun 2012 16:46:56 +0200 |
Reply-To: |
|
Content-Transfer-Encoding: |
7Bit |
Subject: |
|
From: |
|
Content-Type: |
multipart/signed; boundary="nextPart21956560.sCvmTsybnH";
micalg="pgp-sha1"; protocol="application/pgp-signature" |
In-Reply-To: |
|
MIME-Version: |
1.0 |
Comments: |
|
Parts/Attachments: |
|
|
Hello everyone!
Am Freitag, 8. Juni 2012, 08:44:35 schrieben Sie:
> And in this day and age with password sniffing
> going on over local networks by zombied machines and happening as a matter
> of government policy worldwide in data centers, and the historic firewall
> wackiness with FTP's 2 channel communications, *WHY* is your client using
> FTP for anything that is password based? You can cross-hook it to normal
> logins, true, but this is a really bad idea for basic security reasons and
> should be avoided wherever feasible.
Thanks for that hint!
I just found that old server and decided to move the service onto a new host
(and non EOL distro) to integrate it with the rest of the infrastructure (and
get security updates). I will suggest to the clients to use another service
that is less of a security problem.
> Or are they using FTPS?
So far I found no client that reliably supports FTPS. Especially nothing that
comes with the OS "by default" (I tried Chrome, Firefox, KDE/Dolphin). Can you
suggest one?
Kind regards,
Dennis Schridde
|
|
|