RSS 1.0FTPplanet.com Blog
« WS_FTP Home & Carbonite online backup - Special Offer | Main | Getting Started with FTP online tutorial »
August 20, 2007
Secure username & password
Here are some words of wisdom about secure file transfer from self-proclaimed technology geek Zac Garrett.
"What most people do not realize is that FTP is insecure because it sends the username and password in clear text. If a malicious person wanted to break into a server all they have to do is sniff for a FTP transaction and you will get the username and password when a user logs in.
There are several solutions available for securing FTP, the two most common are FTPS and SFTP.
FTPS is very similar to HTTPS in your browser, it adds a security certificate to the FTP daemon and allows a user to connect to the server securely using those credentials.
SFTP uses the SSH protocol to do file transfers. SSH is extremely secure, as long as you are running version 2"
Well, I think that Zac is absolutely correct. I often preach about the need to use FTPS (also called SSL) or SFTP (also called SSH2) to encrypt files as they are being transported because plain FTP does not encrypt. But Zac is absolutely correct to point out that FTP also doesn't protect your username and password and that is another super important benefit of the encrypted FTPS / SSL and SFTP / SSH protocols.
Posted by Hugh Garber at August 20, 2007 07:40 AM digg this add to del.icio.us add to My Web Furl this page
Trackback Pings
TrackBack URL for this entry:
http://www.ftpplanet.com/cgi-bin/mt-tb.cgi/620
Comments
Excellent advice.
Posted by: Tara Kelly at August 20, 2007 06:05 PM
Quick Links
Featured Item