DEC8235 and MM57109N ICs
Ray Arachelian
ray at arachelian.com
Sat May 17 10:12:45 CDT 2008
Adam Sampson wrote:
> Gordon JC Pearce <gordonjcp at gjcp.net> writes:
>
>
>> FTP is pretty much the best example I can think of if you wanted me
>> to name a massive security hole.
>>
Depends on the ftp server you use, and how it's configured. chroot is
your friend here, though not your only friend.
>
> The other problem with FTP for this sort of thing is that it often
> interacts badly with NAT and firewalling (at both ends of the
> connection).
Allowing for passive ftp is one way to fix this. Some NAT systems have
a proxy for this if you don't like passive ftp, for example, OBSD's pf
uses this sort of proxy.
However, there's nothing wrong with putting this stuff on a web server
instead, which makes life a lot easier for everything except the "grab
this entire directory" option - but for that, there's always wget.
More information about the cctalk
mailing list