On Thu, 29 Nov 2001 09:53:42 +1100 (EST) adam <adamd@forensicdata.com.au> wrote:
Agreed Kurt, HTTP is a much nicer protocal anyway and if i REALLY have to use plain FTP then its the OpenBSD daemon.
BTW: an excellent doc
Adam
On Thu, 29 Nov 2001, Kurt Seifried wrote:
None of the existing FTP servers with the exceptions of VSFTPD, and maybe OpenBSD's FTPD are even remotely classifiable as "hardened". ProFTPD is a huge mess. Every single effort at a UNIX/Windows ftp server I have ever seen is a disaster. The FTP protocol itself is a disaster, for clients and servers:
http://www.seifried.org/security/network/20010926-ftp-protocol.html
All in all it's just horrible. For bulk transfers consider apache + wget, for users ssh scp/sftp or https.
Personally I prefer PureFTPD. (http://www.pureftpd.org/) -- Viel Spaß Nix - nix@susesecurity.com http://www.susesecurity.com