Re: your mail

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Christopher Klaus: "Re: your mail"
• Previous message: Scott Northrop: "Checksums in FTP servers."
• In reply to: Steven C. Blair: "Re: your mail"
• Next in thread: Christopher Klaus: "Re: your mail"

Steven C. Blair wrote :
|| 
|| John MacDonald says:
        ***^*****
	Macdonald
|| 
|| 	There is one advantage in doing this sort of thing.  There is
|| 	a powerful security advantage in having many off-site copies
|| 	of the ls-lR+hash file.  It is *really* hard for to cracker
|| 	to spoof a change to an existing file
|| 
|| If folks would quit using writable directories in their hierarchies then the
|| problem goes away. There are few to NO compelling reasons with my years of
|| experience that justify writable directories in anonymous FTP. You're just
|| asking for trouble, with a  big "T".
|| 
|| If you must justify having a writable directory that is FTp reachable from an
|| external network, either use a seperate login with a one-time passwd that is
|| changed mutually by both parties on your sites' end, or learn the
|| intricacies(sp?) of WU-FTPD which can prevent a lot of problems.

That is a separate issue.

Having checksums, and making it difficult to hide the existance
of a change by maintaining external copies of the expected
value of the checksum is a valuable tool for discovering that
a breach has occurred.

Getting the permissions right can prevent many types of such
breaches.
-- 
That is 27 years ago, or about half an eternity in | John Macdonald
    computer years.        - Alan Tibbetts         |   jmm@Elegant.COM

• Next message: Christopher Klaus: "Re: your mail"
• Previous message: Scott Northrop: "Checksums in FTP servers."
• In reply to: Steven C. Blair: "Re: your mail"
• Next in thread: Christopher Klaus: "Re: your mail"