FTP Security

Shroder

I'm currently trying to make my way through a problem. I'm trying to use ftp but I don't have the ability to use ssh. So the ftp connection will not be secure.

I was thinking though, if I had a php script that connects to the ftp via localhost would I still be running into the same problem? The username and password would all be handeled localy and there wouldn't be a risk of someone sniffing the network and getting the username/password would there?

Thanks for the help!

drawmack

well if it's all happening on the localhost why do you need ftp at all just copy the files.

ftp is for remote access, if you're using remote access then at some point the information must travel from computer a to computer b.

Shroder

I'm basicaly trying to create a secure connection from a non secure connection.

I thought that by using php the ftp function would initiate the ftp session localy and then bring it up on the browser.

drawmack

Originally posted by Shroder
I'm basicaly trying to create a secure connection from a non secure connection.

I thought that by using php the ftp function would initiate the ftp session localy and then bring it up on the browser.

Alright I'll make this real, real simple.

If you embed the username and password into the file containing the ftp script then they would not be transmitted, and therefor would not be able to be sniffed. However, anyone could just pull up that page and automatically have ftp access to your site. So you'll have to password protect this page, but those passwords will be transmitted in plaintext and can be packet sniffed.

Do you understand now?

Shroder

I appreciate the help but not the attitude.

I was thinking of using a database. So the username/password would not be hard coded into the script.

Thank you for the help.

LordShryku

That was attitude?

Moonglobe

Originally posted by LordShryku
That was attitude?

i would call it frustration myself.......

Shroder

Maybe attitude was the wrong word. To me he just seemed to be getting cocky and wasn't giving correct information.

drawmack

Originally posted by Shroder
I appreciate the help but not the attitude.

I was thinking of using a database. So the username/password would not be hard coded into the script.

Thank you for the help.

okay so you store the username/password in a database. How does the script look it up?

If you are passing files from computer a to computer b via ftp, computer a must, MUST, MUST, MUST] log into coputer b. If that is't clear just remember that computer a must log into computer b.

So you're thinking of using php and a database.

So the php script will look up the log in information in a database. So if an unauthorized user visits that page it still looks it up in a database and connects them.

The only way to stop this is to password protect that page. And at that point you are still transmitting a username and password over the internet.

It is this simple either you do something that is totally insecure and allows anyone ftp access or you tgransmit the username and password in plaintext.

BTW: I'm not giving you attitude. Now what's with accusing me of diseminating misinformation just because I'm telling you (for the third time now) that you're wrong.