ftpd leaks info which might be useful to an attacker
Nelson H. F. Beebe
beebe at math.utah.edu
Wed Sep 14 18:07:53 UTC 2016
Matthew Seaman <matthew at FreeBSD.org> writes today:
>> About the only useful way to use FTP any more is for anonymous read-only
>> access to download stuff from an archive -- and in that use case, a web
>> server is generally a much better choice. FTP as a protocol is archaic
>> and needs to die.
I agree with the first point (up to the dash), but strongly disagree
with the second: FTP provides directory listing capability, whereas
HTTP does not. I use "dir -tr" in FTP connections quite frequently,
and I find the timestamps in the directory listings critical
information that is routinely lost at many HTTP-only sites.
-------------------------------------------------------------------------------
- Nelson H. F. Beebe Tel: +1 801 581 5254 -
- University of Utah FAX: +1 801 581 4148 -
- Department of Mathematics, 110 LCB Internet e-mail: beebe at math.utah.edu -
- 155 S 1400 E RM 233 beebe at acm.org beebe at computer.org -
- Salt Lake City, UT 84112-0090, USA URL: http://www.math.utah.edu/~beebe/ -
-------------------------------------------------------------------------------
More information about the freebsd-security
mailing list