NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: FTP-client for Windows, safety concerns

On Thu, Jun 14, 2012 at 03:54:49PM -0700, Scrap Happy wrote:
> Hi Herb,
> On 6/14/2012 3:37 PM, herbert langhans wrote:
> >I often share files via FTP with my students, friends, family members
> >and people who I know personally. Then I create an user account, link or
> >copy the files in their /home directory so they can download them.
> >Nothing unusual ...
> >
> >Sometimes people ask me, where to get 'such a program' (the FTP-client)
> >from - I tell them to pick some freeware/shareware client from anywhere
> >and install it on their Windows or Apple computer.
> >
> >The thing I am concerned of is, that these freeware clients could be
> >easily prepared to steal the password of MY server. And between user
> >account and root access its not that a big step.
> So, you are assuming that the freeware clients were surreptitiously
> designed to try to attack any sites that their user's made them
> aware of -- and report the results of these attacks (or simply
> the mere existence of the sites!) to some other agency?
> >Long story, simple question: what relieable(!) FTP-client for Windows
> >and Apples should I recommend to my FTP-users? Some full functional
> >(think about gftp) gui-programm would be the best. Maybe even something
> >easy to install, so I can send them the exe file via e-mail ...
> >
> >All ideas welcome. Thank you!
> >herb langhans
> >(sorry for double posting - was meant for netbsd-users, not
> >pkgsrc-users)
> What's wrong with just specifying an ftp:// URL in any of
> the common browsers?  Or, does your distrust apply equally
> to MS's IE, Mozilla's Firefox, etc.?
> Sorry, have I missed some other issue, here?  :<

No, not that you missed something. But sometimes the users have to
upload files too. Photos, website content and such. With the browser its
quite limited, its sometimes to basic.

With the ftp-clients I am just concerned that they simply could be logging 
the passwords and send them to the bad guy. You know what junk is out there,
especially in the Windows world.

I remember a ssh-client (putty for Windows) - there were 'evil' ones
around. They really had stolen passwords, quite a dangerous thing. Only
the version from the original putty-website can be trusted.

herb langhans

Home | Main Index | Thread Index | Old Index