AW: AW: ANN: GLX2 3.05

Bernard Devlin bdrunrev at gmail.com
Tue Jun 19 06:21:14 EDT 2012


I never use FTP to communicate with a server.  I will either use webdav
(over https) or scp or a ssh tunnel (I seem to remember FTP cannot be
tunnelled over ssh, but it seems ridiculous that it cannot).  Even on
windows, putty can do secure file transmission.

If we IT professionals don't insist on using secure protocols, we are never
going to convince end users/customers of the importance of them. I still
see friends handing over their credit card details on websites, oblivious
to whether or not the URL says https (let's not even go into the issue of
them checking the certificate chain).  And these friends are considered IT
experts in their circles.  Two of my friends who are IT professionals have
had their identities stolen and purchases made in their names.

20 years ago when Lotus Notes first appeared, security obsessions were
built in from the ground up. It was (originally) aimed at small businesses.
 And it was assumed that those businesses would need guarantees about the
secure transmission of data, local encryption of data, and guarantees of
authentication between users and servers.  If the same product was built
today, I doubt that most of those concerns would be considered.  We are far
more connected, but apparently far less concerned about data security.

Bernard

On Fri, Jun 15, 2012 at 4:30 PM, Richard Gaskin
<ambassador at fourthworld.com>wrote:

> Andre Garzia wrote:
>
>  This usually happens once one of two things happens:
>>
>> 1 - you have a compromissed FTP account. Maybe one collaborator lost your
>> FTP account or an infected machine is harvesting them from your HD (more
>> common on windows). Something caused the FTP account to be compromissed,
>>
>
> LiveCode's libURL currently handles only non-secure FTP, so any use of its
> FTP features means sending your password over the wire in plain text.
>
> Given the usefulness of FTP for so many applications and the dangers of
> having to use only the older non-secure form, at the risk of sounding like
> a broken record here's the link to the RQCC request for secure FTP:
>
> <http://quality.runrev.com/**show_bug.cgi?id=6405<http://quality.runrev.com/show_bug.cgi?id=6405>
> >
>
> 154 votes and counting...
>
>
> --
>  Richard Gaskin
>



More information about the Use-livecode mailing list