On Sun, 26 Sep 1999, James Myles wrote:
Hi list,
I have to admit to being rather confused about this thread. Is it unsafe for my users to just use wu-ftp, except for the obvious disadvantage of the password being sent plain text? -- Thanks,
Well, it's as safe or unsafe as it has been for a while. What you see going on right now is a witch-hunt. If your servers are located in an intranet and your users have not mounted malicious attacks frequently in the past then this discussion is IMHO not for you. If, on the other hand, your servers are publicly accessible, you might want to follow up because some exploits have been published with code samples. You never know who will try it just for the fun of it. As the maintainer of ProFTPd, McGuyver, is proactively closing the holes and ProFTPd has been the primary target, interest is likely to decease in the near future. And WU-FTP maintainers will certainly not stand behind. Probably ProFTPd 1.2.0pre7, which has only just been released, is the most security aware server out there at the time of this writing.
James
Volker -- Volker Wiegand Phone: +49 (0) 6196 / 50951-24 SuSE Rhein/Main AG Fax: +49 (0) 6196 / 40 96 07 Mergenthalerallee 45-47 Mobile: +49 (0) 179 / 292 66 76 D-65760 Eschborn E-Mail: Volker.Wiegand@suse.de ++ Only users lose drugs. Or was it the other way round? ++