[1121] in WWW Security List Archive
Re: FTP Security
daemon@ATHENA.MIT.EDU (John Pettitt)
Fri Nov 3 22:29:23 1995
Date: Fri, 3 Nov 1995 16:41:05 +0000
From: John Pettitt <jpp@software.net>
To: Kim Ikbae <om@pc.isl.goldstar.co.kr>
cc: www-security@ns2.rutgers.edu
In-Reply-To: <199511030905.SAA19756@pc.isl.goldstar.co.kr>
Errors-To: owner-www-security@ns2.rutgers.edu
On Fri, 3 Nov 1995, Kim Ikbae wrote:
> Hello forks.
>
> I'm currently making WWW Page for our project team.
> I'd installed all required stuffs for the service but there is
> a problem which I have no idea how to deal.
>
> As you know when a browser requsts ftp service to a server, the default
> user id is set to anonymous. But I don't want to install anonymous
> service for my system and let the browser access my service using some
> user id so that confidential documents are not revealed to others.
>
> I know how to restrict some directoris using .htaccess file but
> even after some user succeeded the user identification the ftp
> access is only under anonymous.
>
> I tried some thing like this; http://user:passwd@host/directory/file
> but this scheme shows the user and password via browser which is not
> recommended by NCSA and my team members(they will kill me! :)).
>
> So the question is that if there is any scheme which enables a user
> specifies his/her user id and password just like FORM HTML page and
> if the user succeeds the identification the ftp accesses the
> server with the id while not showing the user's password information.
>
> If you have any idea pls let me share!!
>
Why use ftp at all? just put the files someplace httpd can seem tham and
serve using http.
John Pettitt
jpp@software.net
VP Engineering, CyberSource Corp. +1 415 473 3065 (V) (fax 3066)
