Re: FTP Security

• To: om@pc.isl.goldstar.co.kr
• Subject: Re: FTP Security
• From: John Stewart <jns@cisco.com>
• Date: Fri, 03 Nov 1995 07:46:47 -0800
• cc: www-security@ns2.rutgers.edu
• In-reply-to: Your message of "Fri, 03 Nov 1995 18:05:45 +0900." <199511030905.SAA19756@pc.isl.goldstar.co.kr>
• Zippy-Sez: Please come home with me... I have Tylenol!!

-> 
-> Hello forks.
-> 
-> I'm currently making WWW Page for our project team.
-> I'd installed all required stuffs for the service but there is
-> a problem which I have no idea how to deal.
-> 
-> As you know when a browser requsts ftp service to a server, the default
-> user id is set to anonymous. But I don't want to install anonymous 
-> service for my system and let the browser access my service using some 
-> user id so that confidential documents are not revealed to others.
-> 
-> I know how to restrict some directoris using .htaccess file but
-> even after some user succeeded the user identification the ftp 
-> access is only under anonymous.
-> 
-> I tried some thing like this; http://user:passwd@host/directory/file
-> but this scheme shows the user and password via browser which is not
-> recommended by NCSA and my team members(they will kill me! :)).


Netscape doesn't have this restriction. You can specify 

http://user@host/directory/file

and it will prompt you for a password in a different style dialogue
box than the normal authentication box. I was appalled to learn that
all other browsers don't understand this convention, and if fact _we_
are going to have to implement something similar since we're changing
the CIO ftp system for Cisco.

I just wish all browsers did the FTP protocol correctly. 

--John

• Re: FTP Security
• From: Howard Melman <melman@osf.org>

• FTP Security
• From: Kim Ikbae <om@pc.isl.goldstar.co.kr>

• Previous: Re: Getting off of this list
• Next: Re: Upcoming IETF Meeting
• Index(es):
  • Index
  • Thread