ftp security issues
-
I am doing some research into ftp. I have developed an website that allows the user to ftp files to a server. I was just wondering if there are any security implications in doing so? Any information is much appreciated. ASP all the way
-
I am doing some research into ftp. I have developed an website that allows the user to ftp files to a server. I was just wondering if there are any security implications in doing so? Any information is much appreciated. ASP all the way
You are going to force them to log in ? Right ? No anonymous connections. You may want to see if there is a method for your FTP server software to limit the amount of data a folder can have uploaded. (Think disk quota) I would recommend monitoring the FTP destination folder very carefully for abuse; maybe a nightly job that would compare the number of files / size from the night before to the current day and send an email notification if too many files have changed or the file size has changed dramatically. Using a system like this, you won't bother an Admin with yet another email notification. just some things to think about. Good luck. :thumbsup:
-
I am doing some research into ftp. I have developed an website that allows the user to ftp files to a server. I was just wondering if there are any security implications in doing so? Any information is much appreciated. ASP all the way
FTP passes login/password in the clear, so someone could intercept them. Use SFTP, if you can. Naughty people like to find open FTP locations to upload naughty things. Then they tell their friends where to get those naughty things. Make the upload folder write-only. (If you need to have those files accessible via FTP again, you move them to a downloadable folder, after checking them out either manually or by a process you'll need to create.)
We were waiting, We were watching. Yes we knew it all along. You were wrong. My Mu[sic] My Films My Windows Programs, etc.
-
FTP passes login/password in the clear, so someone could intercept them. Use SFTP, if you can. Naughty people like to find open FTP locations to upload naughty things. Then they tell their friends where to get those naughty things. Make the upload folder write-only. (If you need to have those files accessible via FTP again, you move them to a downloadable folder, after checking them out either manually or by a process you'll need to create.)
We were waiting, We were watching. Yes we knew it all along. You were wrong. My Mu[sic] My Films My Windows Programs, etc.
I have looked into the SFTP, and the only way of really doing this is using 3rd party component although there are some class librarys. Would another alternative be to use SSL and ftp? ASP all the way
-
I have looked into the SFTP, and the only way of really doing this is using 3rd party component although there are some class librarys. Would another alternative be to use SSL and ftp? ASP all the way
-
I'm pretty sure once you hit the FTP protocol it's just going to jump out of the SSL world.
We were waiting, We were watching. Yes we knew it all along. You were wrong. My Mu[sic] My Films My Windows Programs, etc.
Appreciate the info. I'll do some more research and come up with a solution looking into SharpSSH which looks promising. ASP all the way