On Wednesday 14 July 2004 02:12 am, Tom Knight wrote:
Okay, FTP server of choice - Hakim's document mentions using proftpD. Is this really more secure than all the mainstrain alternatives? I've gone (where possible) for RPMs maintained by SuSE, and proftp isn't one of them. On SLES, the choice appears to be: ?pure-ftpd?1.0.12 ?Lightweight, fast and secure FTP server ?vsftpd ?1.1.0 ?A Very Secure FTP Daemon - written from scratch.
You'd be better off with Samba, IMHO. But as far as ProFTPD there were a couple of security flaw in a row and that was enough to freak SuSE, and it stopped being offered after 8.2. Pure-FPTd is offered, (and it just had a security flaw, so no doubt SuSE will bolt from that one too ;-) Profptd's big advantage is flexibility of configurations, with a syntax for setting directories and permissions similar to a web server, it makes offering disjoint portions of the file system easier. I like it, I use it, but on my 9.x machines I'm going with what SuSE offers, just because security issues are taken care of in one place. -- _____________________________________ John Andersen