[1114] in WWW Security List Archive
Re: FTP Security
daemon@ATHENA.MIT.EDU (John Stewart)
Fri Nov 3 14:43:03 1995
To: om@pc.isl.goldstar.co.kr
cc: www-security@ns2.rutgers.edu
In-reply-to: Your message of "Fri, 03 Nov 1995 18:05:45 +0900."
<199511030905.SAA19756@pc.isl.goldstar.co.kr>
Date: Fri, 03 Nov 1995 07:46:47 -0800
From: John Stewart <jns@cisco.com>
Errors-To: owner-www-security@ns2.rutgers.edu
->
-> Hello folks.
->
-> I'm currently making WWW Page for our project team.
-> I'd installed all required stuff for the service but there is
-> a problem which I have no idea how to deal.
->
-> As you know when a browser requests ftp service to a server, the default
-> user id is set to anonymous. But I don't want to install anonymous
-> service for my system and let the browser access my service using some
-> user id so that confidential documents are not revealed to others.
->
-> I know how to restrict some directories using .htaccess file but
-> even after some user succeeded the user identification the ftp
-> access is only under anonymous.
->
-> I tried something like this: http://user:passwd@host/directory/file
-> but this scheme shows the user and password via browser which is not
-> recommended by NCSA and my team members (they will kill me! :)).
Netscape doesn't have this restriction. You can specify
http://user@host/directory/file
and it will prompt you for a password in a different style dialogue
box than the normal authentication box. I was appalled to learn that
all other browsers don't understand this convention, and in fact _we_
are going to have to implement something similar since we're changing
the CIO ftp system for Cisco.
I just wish all browsers did the FTP protocol correctly.
--John
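
Added example, not part of either message in this thread: a small Python scrubber that rewrites URLs of the `scheme://user:passwd@host/...` form into the `scheme://user@host/...` form discussed above, so that links in pages or logs keep the user name but no longer carry the password. The function names, the URL pattern and the sample text are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Deliberately simple URL matcher for free text (assumption: URLs end at whitespace).
URL_RE = re.compile(r"\b(?:https?|ftp)://[^\s<>]+")


def strip_password(url):
    """Return (clean_url, had_password); the user name is kept, the password dropped."""
    parts = urlsplit(url)
    # Split on the LAST '@' so a password that itself contains '@' is handled.
    userinfo, at, hostport = parts.netloc.rpartition("@")
    if not at:
        return url, False              # no userinfo at all
    user, colon, _password = userinfo.partition(":")
    if not colon:
        return url, False              # user@host form: nothing secret in the URL
    netloc = f"{user}@{hostport}" if user else hostport
    return urlunsplit(parts._replace(netloc=netloc)), True


def scrub_text(text):
    """Rewrite every URL found in text; return (clean_text, hosts_that_had_passwords)."""
    flagged = []

    def repl(match):
        clean, had_password = strip_password(match.group(0))
        if had_password:
            flagged.append(urlsplit(clean).hostname)
        return clean

    return URL_RE.sub(repl, text), flagged


# Constructed sample input (not taken from the thread).
SAMPLE = ("See ftp://alice:s3cret@files.example.com/docs/plan.txt "
          "and ftp://bob@files.example.com/pub/ for details")

if __name__ == "__main__":
    cleaned, hosts = scrub_text(SAMPLE)
    print(cleaned)
    print("URLs with embedded passwords pointed at:", hosts)
```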