I think you are right Rich, When you define your ftp server in your preferences, it looks like this:
ftp://localhost:21 So it looks at the local host! Rich Lafferty wrote: >On Thu, May 09, 2002 at 07:24:39PM -0000, Darrell May <[EMAIL PROTECTED]> wrote: > >>Brandon Friedman <[EMAIL PROTECTED]> said: >> >>>Has anybody installed this on SME? >>> >>>It's need by Sherpath to use the SMS functions? >>> >>Brandon I know you are spending a lot of time looking at Sherpath. I have >>only had time to take a brief look but I did notice a few things of concern: >> >>- it appears to require ftp enabled for it's file management. This is >>insecure and the main reason ftp is disabled under SME by default. >> > >I'm not sure it is. FTP is disabled under default because it's a bad >idea to pass passwords over untrusted networks. If you're running >sherpath on your SME Server and it's modifying files via FTP on the >server, it doesn't go over any untrusted networks (or it shouldn't, >at least!) because it can use the loopback interface. > >(I haven't looked at Sherpath, but it sounds like it does what Horde's >Gollem file manager does.) > >>- it appears to authenticate users via an admin defined mySQL database >>table. IE it does not appear to tie into or use any existing SME system for >>authentication. >> > >FWIW, Gollem uses the successful ftp login as an authentication >mechanism, which gets around that nicely. And if you've got IMP 3.0 >installed, then you've already got the Horde libraries it requires >(although you might need some more php module packages). > > -Rich > -- Regards Brandon Friedman Cell:083 408 7840 E-mail: [EMAIL PROTECTED] www.bfconsult.co.za -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org