Controlling FTP Access
FTP access is not something you should enable lightly. Although it’s crucial for your users to have access to FTP for uploading files (such as web pages) to your server, it’s also a potential source of security issues—it’s a clear-text mechanism, meaning that all data (including passwords) is transmitted unencrypted and available to anybody eavesdropping with packet-sniffing software.
As you’ll learn in Chapter 30, most major clear-text services can be superseded by a secure equivalent: Telnet with SSH, HTTP with Secure HTTP, and POP3 and IMAP with their own built-in encryption layers. FTP, however, is inherently insecure, and although several secure solutions have been put forth (such as the sftp command built into the ...
Get FreeBSD6 Unleashed now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.