Re: FTP Security

• To: Kim Ikbae <om@pc.isl.goldstar.co.kr>
• Subject: Re: FTP Security
• From: John Pettitt <jpp@software.net>
• Date: Fri, 3 Nov 1995 16:41:05 +0000
• cc: www-security@ns2.rutgers.edu
• In-Reply-To: <199511030905.SAA19756@pc.isl.goldstar.co.kr>

On Fri, 3 Nov 1995, Kim Ikbae wrote:

> Hello forks.
> 
> I'm currently making WWW Page for our project team.
> I'd installed all required stuffs for the service but there is
> a problem which I have no idea how to deal.
> 
> As you know when a browser requsts ftp service to a server, the default
> user id is set to anonymous. But I don't want to install anonymous 
> service for my system and let the browser access my service using some 
> user id so that confidential documents are not revealed to others.
> 
> I know how to restrict some directoris using .htaccess file but
> even after some user succeeded the user identification the ftp 
> access is only under anonymous.
> 
> I tried some thing like this; http://user:passwd@host/directory/file
> but this scheme shows the user and password via browser which is not
> recommended by NCSA and my team members(they will kill me! :)).
> 
> So the question is that if there is any scheme which enables a user
> specifies his/her user id and password just like FORM HTML page and
> if the user succeeds the identification the ftp accesses the 
> server with the id while not showing the user's password information.
> 
> If you have any idea pls let me share!!
> 
Why use ftp at all?  just put the files someplace httpd can seem tham and 
serve using http. 

John Pettitt                                          
jpp@software.net
VP Engineering, CyberSource Corp.       +1 415 473 3065 (V) (fax 3066)

• FTP Security
• From: Kim Ikbae <om@pc.isl.goldstar.co.kr>

• Previous: Re: FTP Security
• Next: RE: Getting off of this list (fwd)
• Index(es):
  • Index
  • Thread