ANN: FTP Commander (the ftp browser Frank asked for...)

Andre Garzia soapdog at
Tue Sep 7 19:48:52 EDT 2004

On Sep 7, 2004, at 7:58 PM, Alex Tweedly wrote:

> Yes, they can sniff passwords. Standard FTP (rfc959) sends passwords 
> in cleartext, so anyone with physical access to the network, and 
> suitable packet-capture hardware can easily sniff the password.
> See rfc 2577 for various other things that will scare you about using 
> ftp :-)
> -- Alex.

I never researched packet capture and those "security auditing" 
tools... the thing that scares me most is the fact that when in passive 
mode, the server will start listening in a data port and accepts any 
connection without checking if the data port client is the same one in 
the control port, and it will send the file to that client, file theft 
is just a matter of being there in the right time... very scary...


Andre Alves Garzia ð 2004 ð BRAZIL

More information about the use-livecode mailing list