[NCLUG] webhosting question
J. Paul Reed
preed at sigkill.com
Tue Oct 15 18:42:29 MDT 2002
On Tue, 15 Oct 2002 dherr at frii.com wrote:
> If the only way to upload web pages and database files is via ftp (not
> scp), then isn't the username/password sent in "plain text" over the
> internet?
Yes. Unless you tunnel the ftp-control channel through ssh, which is a
hack, but it works for these situations.
> If it is, then how can any of my data be secure?
It can't.
> I called and asked their tech support rep. about this, and he said they
> haven't seen any problems with doing it this way.
Then they're idiots.
Unfortunately, security is not (and *can't*, really) be a high priority for
hosting companies that put 1000 people on one Linux box.
he.net is known for really good hosting services, but the security on
their shell/webspace boxes is a joke, and a number of those boxes have been
compromised.
Later,
Paul
-----------------------------------------------------------------------
J. Paul Reed preed at sigkill.com || web.sigkill.com/preed
Wait, stop! We can outsmart those dolphins. Don't forget: we invented
computers, leg warmers, bendy straws, peel-and-eat shrimp, the glory
hole, *and* the pudding cup! -- Homer Simpson, Tree House of Horror XI
More information about the NCLUG
mailing list