Wednesday, February 13, 2008

Your FTP / SSL solution is really secure, right?

Well no, not really. Almost all real-world usage of FTP over SSL has problems whereby the FTP data connection can be stolen (resulting in stolen downloads or forged uploads). The problem is mainly with FTP clients - if you require end users to generate their own SSL certs and manually enable sending them to the server, you've already lost on usability grounds.

Full technical details at http://scary.beasts.org/security/CESA-2008-002.html

1 comment:

pammi said...

Acesoftech is one of the leading Kolkata based website design company. The kolkata web design company provides high-quality, and professional services at affordable rates. We have clients from different parts of the world because of our quality works.Kolkata web design company