[NCLUG] nautilus file manager
Bob Proulx
bob at proulx.com
Sat Oct 6 12:05:21 MDT 2012
Kerry Miller wrote:
> I recently was using nautilus file manager to connect to a FTP site.
> This site serves my website I can NO longer use nautilus to browse the
> file structure of the site there fore I can NOT use nautilus to maintain
> my website. How do I complain about this change.
Is it possible that your site is simply no longer allowing ftp?
Is it possible that your site would work with the ssh based sftp?
As soon as you say FTP it sets off alarm bells in my head. FTP is one
of those classic ARPA protocols from the era when we were all friends
and the protocols were all about trust. (I can still remember the day
when I received an email from someone that I did not personally know.
No one around me could believe it. It was one of those "wow" moments.)
FTP sends all of the user names and passwords in the clear between the
sites. This makes it a target for "sniffing" and other attacks. This
is a serious problem on today's hostile Internet. Don't use it.
These days ftp is still useful for anonymous downloads and accountless
distribution. That is a read-only activity so no security problems
there. So it won't entirely disappear anytime soon. But it is
effectively replaced by http distribution and outpaced by bittorrent.
If I were the site operator I would never allow an FTP upload because
it is fundamentally insecure due to the passwords-in-the-clear
problem. If I had inherited a site like that I would work to convert
everyone away from FTP. (As much as I dearly love the underlying
elegance of the protocol.)
And actually even though I said never (one should never say never) I
do support a client with a blind ftp drop location. But it has safety
guards in place.
Bob
More information about the NCLUG
mailing list