17 May
2008
17 May
'08
3:12 p.m.
Adam Sampson wrote:
Gordon JC Pearce <gordonjcp at gjcp.net>
writes:
> FTP is pretty much the best example I can think of if you wanted me
> to name a massive security hole.
>
Depends on the ftp server you use, and how it's configured. chroot is
your friend here, though not your only friend.
The other problem with FTP for this sort of thing is that it often
interacts badly with NAT and firewalling (at both ends of the
connection).
Allowing for passive ftp is one way to fix this. Some NAT systems
have
a proxy for this if you don't like passive ftp, for example, OBSD's pf
uses this sort of proxy.
However, there's nothing wrong with putting this stuff on a web server
instead, which makes life a lot easier for everything except the "grab
this entire directory" option - but for that, there's always wget.