ANN: FTP Commander (the ftp browser Frank asked for...)
Mark Wieder
mwieder at ahsoftware.net
Tue Sep 7 21:32:18 EDT 2004
Andre-
Tuesday, September 7, 2004, 4:48:52 PM, you wrote:
AG> I never researched packet capture and those "security auditing"
AG> tools... the thing that scares me most is the fact that when in passive
AG> mode, the server will start listening in a data port and accepts any
AG> connection without checking if the data port client is the same one in
AG> the control port, and it will send the file to that client, file theft
AG> is just a matter of being there in the right time... very scary...
Yes - I don't use passive mode unless I'm absolutely forced to by a
server environment. You might look into the SFTP protocol to see how
ftp is handled using SSH as a tunneling mechanism. From my brief
glance at it the handshaking doesn't look too bad and all the dirty
work is handled by the ssh tunnel. Packet sniffing is just way too
easy.
--
-Mark Wieder
mwieder at ahsoftware.net
More information about the use-livecode
mailing list