ANN: FTP Commander (the ftp browser Frank asked for...)
Andre Garzia
soapdog at mac.com
Tue Sep 7 19:48:52 EDT 2004
On Sep 7, 2004, at 7:58 PM, Alex Tweedly wrote:
> Yes, they can sniff passwords. Standard FTP (rfc959) sends passwords
> in cleartext, so anyone with physical access to the network, and
> suitable packet-capture hardware can easily sniff the password.
>
> See rfc 2577 for various other things that will scare you about using
> ftp :-)
>
> -- Alex.
I never researched packet capture and those "security auditing"
tools... the thing that scares me most is the fact that when in passive
mode, the server will start listening in a data port and accepts any
connection without checking if the data port client is the same one in
the control port, and it will send the file to that client, file theft
is just a matter of being there in the right time... very scary...
andre
>
--
Andre Alves Garzia ð 2004 ð BRAZIL
http://studio.soapdog.org
More information about the use-livecode
mailing list