Wow, I never thouht that FTP is such a security risk... Should I disable standard FTP and force my customers to use safetp ?
In theory, that would be the best route, in practice, it will probably never happen that we get users to abandon ftp...
The issue in point here is that if you FTP into the box as server admin, you've just sent the SERVER password out in plain text.
If someone savvy in the way of RAQ's got that password, even if you had separate root and admin passwords for the box, it would be a simple matter for them to log onto the cp, change the password and thereby wipe the root password with the new admin/root passwd..
FTP is still insecure but if a password is cracked, it gives, at worst the password to a site level administrator.. bad, but not nearly as bad as throwing them the keys to the server..
WS _________________________________________________________________MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx