[NCLUG] webhosting question
Chris Riddoch
socket at peakpeak.com
Tue Oct 15 22:14:30 MDT 2002
"J. Paul Reed" <preed at sigkill.com> writes:
> On Tue, 15 Oct 2002 dherr at frii.com wrote:
>
> > If the only way to upload web pages and database files is via ftp (not
> > scp), then isn't the username/password sent in "plain text" over the
> > internet?
>
> Yes. Unless you tunnel the ftp-control channel through ssh, which is a
> hack, but it works for these situations.
>
> > If it is, then how can any of my data be secure?
>
> It can't.
>
> > I called and asked their tech support rep. about this, and he said they
> > haven't seen any problems with doing it this way.
>
> Then they're idiots.
I'd like to take this moment to mention that Peak to Peak only allows
you to use FTP to upload pages to your web space, and only provides
POP3 for pulling down email from their server, both of which send your
passwords in the clear.
So I can't download my email when I'm on my laptop on campus, or on
the wireless network at the coffee shop where we hold the Boulder
hacking society, or when I'm connected through anything but their
dialup lines.
Am I inconvenienced? Heck, yes. To their credit, Peak to peak has
good dialup service, but they obviously assume that I'll *always* be
getting email or uploading to my website from their dialup lines. My
world is a little bigger than their modem pool.
--
Chris Riddoch | epistemological
socket at peakpeak.com | humility
More information about the NCLUG
mailing list