FTP user names and passwords -- secure or not?

Jan Schenkel janschenkel at yahoo.com
Tue Jun 5 14:28:53 EDT 2007


--- Mike Hughes <hughesmike2 at hotmail.com> wrote:
> Hi All,
> 
> When using Rev's FTP capabilities to upload a file
> via ftp with user name 
> and password as in the syntax below:
> 
> put ... into URL "ftp://"&userName&":"&userPassword
> ...
> 
> is the user name and password completely secure in a
> distributed application 
> providing the scripts are encrypted? Is it at all
> possible for someone to be 
> able to tell what address, user name, and password
> are being used via 
> another application such as a firewall?
> 
> Thanks,
> 
> Mike
> 

Hi Mike,

FTP, POP, SMTP and plain HTTP are all wide open
protocols that anyone with a packet sniffer (such as
Ethereal) can read. I've seen emails come by with
username and password - it's quite scary to think that
so much sensitive information can be caught.
If you're only downloading, then an HTTPS protected
chunk of the website might do the trick.

Jan Schenkel.

Quartam Reports for Revolution
<http://www.quartam.com>

=====
"As we grow older, we grow both wiser and more foolish at the same time."  (La Rochefoucauld)


      ____________________________________________________________________________________
Luggage? GPS? Comic books? 
Check out fitting gifts for grads at Yahoo! Search
http://search.yahoo.com/search?fr=oni_on_mail&p=graduation+gifts&cs=bz



More information about the use-livecode mailing list