Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'ftpd comments' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
ftpd comments
Authored by: victory on Sep 04, '02 07:24:09PM

Yeah, I'd noticed that the ftp server with 10.1 and earlier seemed to be a generic one that was probably a part of OSX's BSD legacy. With 10.2, it appears as if Apple is using lukemftpd, which is an open source ( http://freshmeat.net/projects/lukemftpd/?topic_id=89 ) offering. I wonder why? (Personally I wish they had chosen proftpd) Perhaps it's simply because lukemftpd is a project in active development that already has stuff like IPv6 support.

As to the overall security issue, I agree with Chas that sftp/SSH is far more secure. However, like telnet, FTP can still be useful in limited instances, such as on a small internal LAN. Also, ftp is ubiquitous -- nearly every version Windows comes with a cmd-line FTP client. Often it's quicker for me to flip on ftp-access on my PowerBook and grab a few files from a nearby Wintel box than it is to set up SMB/Windows filesharing (even with the improvements in 10.2)



[ Reply to This | # ]
Speaking of which....
Authored by: victory on Sep 04, '02 07:37:55PM

...here's another trick that's a DEFINITE SECURITY RISK, but may be helpful as a last resort if you're on a machine that doesn't come with a native FTP client (MacOS 8.x and earlier, Windows 3.1, etc) Many people forget that most web-browsers work perfectly fine for doing FTP downloads. The only tricky part is including the username and password in the URL. Basically, you use the form:

ftp://username:password@ftpserver-address

A useful trick in a pinch, but risky for all else. Forget packet-sniffing, all someone has do is look at your screen (or history cache) to see your password!



[ Reply to This | # ]