
Re: [cobalt-users] ftp security



Goetz Lohmann wrote:

> Ok ... with proftpd you have two common security problems to deal with.
> 1.) username authentication will use clear text passwords like in telnet :-(
> 2.) most hacks try to do a buffer overflow in proftpd
>
> To the first you could prevent this by running proftp version 1.28 or above which
> could use SSL/TLS security authentication like SSH. You might easily update it
> with RPM or compile it by your own. The pretty way of this is, that it still works
> with the cobalt admin interface, cause the needed changes to the proftpd.conf
> are untouched :-)


Thanks much for the replies everybody - this is a big help.
This sounds like a nice solution - using SSL. I'm not too familiar with it.. not sure how to enable SSL for just Proftp but I can search that out. Assuming this can be self-signed.

> so I guess ... get proftpd-1.2.8 source tarball ... compile it with a stackguard
> enabled gcc and change the existing proftpd-1.2.4 (???) to the new one.
This stackguard enabled gcc is new to me, so will have to do some googling. The question I have is how to install it without breaking anything. Does it overwrite the gcc that is installed - and if so, maybe that is no problem? Thanks again.

--Cheers, Jim D.
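
An added example, not part of the original thread: a minimal proftpd.conf fragment that turns on TLS for ProFTPD alone with a self-signed certificate, as asked about above. The file paths are assumptions, and the build must include the mod_tls module.

```apache
# Added example; paths are assumptions, adjust to the local layout.
# Requires a proftpd build that includes mod_tls
# (./configure --with-modules=mod_tls).
#
# Self-signed certificate and key (run once, as root):
#   openssl req -new -x509 -nodes -days 365 -newkey rsa:2048 \
#     -keyout /etc/proftpd/ssl/proftpd.key \
#     -out /etc/proftpd/ssl/proftpd.crt
#   chmod 600 /etc/proftpd/ssl/proftpd.key

<IfModule mod_tls.c>
  TLSEngine                 on
  TLSLog                    /var/log/proftpd/tls.log

  # Refuse logins and transfers that are not protected by TLS.
  # With "off", TLS is only optional and clients can still send
  # cleartext passwords.
  TLSRequired               on

  TLSRSACertificateFile     /etc/proftpd/ssl/proftpd.crt
  TLSRSACertificateKeyFile  /etc/proftpd/ssl/proftpd.key

  # Server-side certificate only; FTP users still log in by password.
  TLSVerifyClient           off
</IfModule>
```

Clients then need to connect with explicit FTP over TLS (AUTH TLS), and with a self-signed certificate they will be asked to accept it on first connect.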