login about faq

After heavy testing i am at a point where i have to ask a question regarding security. We want to use your lib to develope a C++ based application which allows our customer to upload files to our ftp-server.

But we have to make sure, that nobody can extract or sniff the logindata while connecting to the ftp-server. As far as i can see implementing SFTP is not a good idea (too many rights, and our NAS does only allow 'admin' to connect via SFTP).

But which is the best and most secure way to give FTPS access?

  • FTP Explicit SSL (AUTH SSL, TLS) or
  • FTPS / Implicit SSL

Not sure how deep encryption goes here? Do both encrypt Logindata, so the user can't sniff it while connecting to the server?

asked Sep 26 '12 at 07:35

RootTag's gravatar image

RootTag
35121623

edited Sep 26 '12 at 07:36


In both cases, the login happens over an SSL/TLS connection.

link

answered Sep 26 '12 at 08:01

chilkat's gravatar image

chilkat ♦♦
11.8k316358421

Thank you. Think i got the point and both is OK to use, but should stick to Implicit SSL:

FTPS Implicit SSL

In implicit SSL mode a required SSL session is established between client and server before any data is exchanged. In other words, the use of SSL is implied because any attempt made by a non-SSL client would automatically be refused by the server. Typically FTPS implicit SSL services run on port 990.

FTPS Explicit SSL

In explicit SSL mode the client can optionally switch from unencrypted mode to SSL. This is useful in that the server can support both unencrypted FTP and encrypted FTPS sessions on a single port, typically port 21. In an explicit SSL session the client first establishes an unencrypted connection to FTP service. Prior to sending user credentials, the client then requests that the server switch the command channel to an SSL encrypted channel using the client AUTH TLS or AUTH SSL commands. Upon successful setup of the SSL channel the client then sends user credentials to the FTP server. These credentials along with any other commands sent to server during the FTP session are automatically encrypted by the SSL channel.

link

answered Sep 26 '12 at 08:09

RootTag's gravatar image

RootTag
35121623

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or __italic__
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Tags:

×24
×2

Asked: Sep 26 '12 at 07:35

Seen: 1,464 times

Last updated: Sep 26 '12 at 08:09

powered by OSQA