On 2001-07-30 00:44:51, Kalle Hasselström wrote: > How much of a security risk would it be to run an ftp server? Make sure you have have restrictive permission on all directories if you allow anonymous ftp, otherwise you will be staging pirated software or DVDs fairly quickly. The ftp servers with most interesting features (proftpd, wu-ftpd and friends) have had issues in the past, but past performance might not be any indication of the future. > Is the > biggest risk the clear-text passwords (I won't be transferring > confidential files, I just don't want anyone to break in), or are > there other major security holes as well? I would hope that servers with known holes are patched or pulled, but you might want to check out bugtraq or cert to convince yourself. For servers that uses PAM, you should check out if any of the authentication modules might suit your needs (one-time passwords for instance). /Allan -- Allan M. Wind email: allanwind@mediaone.net P.O. Box 2022 finger: awind@digit-safe.dyndns.org (GPG/PGP) Woburn, MA 01888-0022 USA
Attachment:
pgpZLt5Dy039E.pgp
Description: PGP signature