Re: FTP-client for Windows, safety concerns

[Peter Bex <Peter.Bex%xs4all.nl@localhost>]

On Fri, Jun 15, 2012 at 09:25:17AM +0200, Niels Dettenbach (Syndicat 
IT&Internet) wrote:
> Riccardo Mottola <riccardo.mottola%libero.it@localhost> schrieb:
> 
> >know it doesn't steal my own passwords) and the same application runs
> >on
> >NetBSD with GNUstep.
> 
> Ok,
> but this risk is the same for other users then you ;)
> 
> Generally - there are many ftp clients out - especially console based - which 
> are particularly very comfortable / flexible (like lftp) developed, widely 
> used and reviewed against such and other fraud / security risks in the Open 
> Source community - easily and securely available i.e. over macports and other 
> secured repos for mac.

I don't understand all the fuss about security when we're talking
about FTP, of all things.  What use is a perfectly trusted FTP client
when it's being used in an unsecured public wifi spot, or on a LAN
where an attacker can simply pluck the password from the line?

It's better to use a secure communications system like the sshd subsystem
sftp, for example.  Then it makes sense to think about how much you trust
the client.  There are several free as in freedom sftp clients like
Filezilla (works on NetBSD, Windows, OS X) or WinSCP (which afaik only
works in Windows).  And there's FireFTP which is simply a plug-in for
Firefox.  Finally, a CLI-based sftp client comes preinstalled on most
Unix-like systems, including Mac OS X.

Of course you can also use FTP over SSL, but AFAIK our ftpd doesn't
do that, and many simpler FTP clients don't support it either.

Cheers,
Peter
-- 
http://sjamaan.ath.cx
--
"The process of preparing programs for a digital computer
 is especially attractive, not only because it can be economically
 and scientifically rewarding, but also because it can be an aesthetic
 experience much like composing poetry or music."
                                                        -- Donald Knuth