[lug] Replacing FTP with a Web App?
Paul Nowosielski
paul at danamusic.com
Fri Feb 28 08:52:47 MST 2003
Siegfried,
I would say FTP is only a security issue if you allow it to be.
For example I got my last job as system admin because the admin before
me didn't keep up with minimal updates and the server was hacked via
Wu-FTPD.
I see a lot of FTP exploits through anonymous servers but I get most of
my software through the same. So you must decide.
I run Pro-FTP and have never had a problem.
It would be incredibly easy to implement the file
upload/listing/authentication with PHP.
If you have a lot of users you may even want to implement some type of
database integration (MySQL).
If this is for a small number of users you could just use apache
.htaccess files for authentication. shell$ man htpasswd
I have some code snippets for this sort of thing let me know if you
would like them.
Paul Nowosielski
On Thu, 2003-02-27 at 23:54, Richard Heintze wrote:
> My client is presently running a public FTP server on
> a windows box.
>
> Is it true that FTP is a security risk?
>
> He wants to abandon FTP in favor of a more user
> friendly web application. I suggested WebDAV but he
> thougth that was too complicated for his users.
>
> Since he wants to eventually abandon Windows in favor
> of Linux, how would you suggest I write a secure web
> app that emulates only the login/password/security,
> "put" and "ls" features of FTP?
>
> J2EE (and therefor TOMCAT/JBoss) implements
> authentication and authorization and they run well on
> windows and linux.
>
> I think Apache HTTPD implements authentication and
> authorization too -- probably with perl.
>
> Are there any other approaches you might recommend?
>
> Thanks,
> Siegfried
>
>
> __________________________________________________
> Do you Yahoo!?
> Yahoo! Tax Center - forms, calculators, tips, more
> http://taxes.yahoo.com/
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: lug.boulder.co.us port=6667 channel=#colug
>
More information about the LUG
mailing list