I find the notion of going to great lengths to protect FTP passwords aside from reasonable precautions like good ACLs to prevent widespread access to the files somewhat "amusing" given the fact that FTP sends its passwords in CLEAR TEXT. Anyone at any ISP along the way can see those passwords, unless you tunnel the FTP inside a VPN.
Actually what I am seeing more and more in the "real world" is the use of FTP over SSH. This is a Good Thing (TM). JRJ -----Original Message----- From: Kim Horn [mailto:[email protected]] Sent: Wednesday, April 01, 2009 5:34 PM To: [email protected] Subject: RE: Can VFS SFTP Passwords be encrypted It may, we are given simple text passwords by systems we have to interface too. FTP is still the largest B2B mechanism in the US :-). We cannot ask them to supply us anything else but a simple username/password; this is the reality of B2B. The only issue we have is that these are not kept in clear text in script files. In our domain this is illegal and in all other domains bad practise. So all we require is to be able to have these encrypted in any script files. I think this Jira suggests a stronger mechanism, sharing keys between SFTP servers, but is totally impractical in real world B2B. Kim -----Original Message----- From: Asankha Perera [mailto:[email protected]] On Behalf Of Asankha C. Perera Sent: Thursday, 2 April 2009 3:48 AM To: [email protected] Subject: Re: Can VFS SFTP Passwords be encrypted Hi Jay / Kim > A suggestion. SFTP can use PKI shared keys for authentication. The keys are host+user specific. > > I am not familiar enough with Synapse to know exactly how you'd go about it, but I do suggest that the answer lies in using PKI. > I guess https://issues.apache.org/jira/browse/SYNAPSE-507 is a proper solution for this.. and possibly we could already tweak VFS to do this.. cheers asankhaa -- Asankha C. Perera AdroitLogic, http://adroitlogic.org http://esbmagic.blogspot.com
