On Wed, 3 Jan 2001, Magic Phibo wrote:
> What ftp server app. would you recommend if the main concern
> is security. Platform will be redhat linux, passive AND active
> mode and anonymous access should be supported.
I'd recommend
(a) trying to use http instead.
(b) trying to use something else instead.
(c) trying to get someone else to host it somewhere else.
(d) looking for a pretty-darned minimal implementation that
breaks all the stupid crap that most people never use anyway
then auditing that, then trying to get someone else to host it.
Especially look at giving trusted users something like scp access or HTTP
upload over SSH even.
> I used wu-ftpd and proftpd but I don't think they are really
> secure ...
WU's history is bad. It's one of the 3 leading vectors into *nix systems.
Pro's had its fair share of problems too. Even the OpenBSD version has
fallen, so historically anything is suspect, though WU is probably the
worst over time.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
