ANN: FTP Commander (the ftp browser Frank asked for...)
Alex Tweedly
alex at tweedly.net
Tue Sep 7 18:58:27 EDT 2004
At 19:20 07/09/2004 -0300, Andre Garzia wrote:
>On Sep 7, 2004, at 6:58 PM, Alejandro Tejada wrote:
>
>>Could anyone (intentionaly) sniff the password
>>used to connect to a ftp server?
>
>I don't think so. Unless someone launch a bogus server and force a user to
>log in.
Yes, they can sniff passwords. Standard FTP (rfc959) sends passwords in
cleartext, so anyone with physical access to the network, and suitable
packet-capture hardware can easily sniff the password.
See rfc 2577 for various other things that will scare you about using ftp :-)
-- Alex.
More information about the use-livecode
mailing list