[lug] Is anon ftp upload really bad?

John Hernandez John.Hernandez at noaa.gov
Wed Apr 24 16:25:02 MDT 2002

Peter Hutnick wrote:

> I DO NOT do FTP other than anon.
> I would urge others to use anon uploads (in a safe and sane way) over 
> cleartext authenticated FTP any day of the week.

I don't quite get it.  If you ADD authentication (even reusable 
clear-text passwords) to the current (safe and sane) method, how does a 
stolen password make you any worse off, provided the account is for ftp 

One-time password systems like S/Key and OPIE avoid the common problems 
with cleartext passwords by making any given password valid only once. 
  As mentioned before, this would be an enhancement (not a replacement) 
for your existing methods.  If the password communicated to the 
uploader happens to be intercepted, you would at worst revert to 
"anonymous mode" for one session.


   - John Hernandez - Network Engineer - 303-497-6392 -
  |  National Oceanic and Atmospheric Administration   |
  |  Mailstop R/OM12. 325 Broadway, Boulder, CO 80305  |

More information about the LUG mailing list