Security issues in FTP

本文揭示了FTP协议在传输用户名、密码及文件时存在的安全隐患,并对比了其他不安全的协议,着重介绍了Secure FTP (SFTP) 和 FTPS 的安全性优势。通过解释这些协议的工作原理,文章旨在为读者提供关于构建安全FTP客户端的知识背景。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

http://www.raditha.com/php/ftp/security.php

Send your password in clear text

The biggest problem with FTP is that the server can only handle usernames and passwords in plain text. This is one of the reasons why the root account cannot be used for FTP access on most servers. The same applies for telnet.

FTP is not the only protocol that sends everything in the clear, POP, IMAP, Jabber are some other equally guilty protocols. The difference however is that FTP is very commonly used to upload contents to various kinds of servers including webservers. Someone who sniffs your mail server might read your private mail, but someone who sniffs your FTP password can deface your website. Matters have not been helped by the fact that some FTP servers are notoriusly buggy.

For these reasons there are various alternatives including Secure FTP (SFTP), which despite the name is quite different from FTP. SFTP applies encryption on all messages between the client and the server. There is also another alternative FTPS. Losely speaking we can think of FTPS being to FTP what HTTPS is to HTTP.

Usernames and passwords are not the only things that are sent over clear text. The files themselves are uploaded or downloaded without any encryption at all. That online store you buy your T-shirts from might give you an HTTPS page to enter your credit card, and their accountants maybe downloading the card details over FTP!

Having said all that this article is not intended to be an indepth study of cryptography, rather it's intended to give you a small amount of background information as we work towards building a FTP client using PHP.


C:\Users\HNUST\AppData\Local\Programs\Python\Python38\python.exe D:\Algorithm\yolov5_Bucket\main.py D:\Algorithm\yolov5_Bucket\main.py:17: DeprecationWarning: sipPyTypeDict() is deprecated, the extension module should use sipPyTypeDictRef() instead class Ui_MainWindow(QtWidgets.QMainWindow): QSS file successfully loaded. Found version patches to be applied. Found application patches to be applied. D:\Algorithm\yolov5_Bucket\models\experimental.py:96: FutureWarning: You are using `torch.load` with `weights_only=False` (the current default value), which uses the default pickle module implicitly. It is possible to construct malicious pickle data which will execute arbitrary code during unpickling (See https://github.com/pytorch/pytorch/blob/main/SECURITY.md#untrusted-models for more details). In a future release, the default value for `weights_only` will be flipped to `True`. This limits the functions that could be executed during unpickling. Arbitrary objects will no longer be allowed to be loaded via this mode unless they are explicitly allowlisted by the user via `torch.serialization.add_safe_globals`. We recommend you start setting `weights_only=True` for any use case where you don't have full control of the loaded file. Please open an issue on GitHub for any issues related to this experimental feature. ckpt = torch.load(attempt_download(w), map_location=map_location) # load Fusing layers... Model Summary: 213 layers, 7015519 parameters, 0 gradients, 15.8 GFLOPs 打开图片 [ WARN:0@11.687] global loadsave.cpp:241 cv::findDecoder imread_('D:/Algorithm/datasets_铲斗/train/images/fh_ftp_q2_20230906_102525.jpg'): can't open/read file: check file path/integrity D:/Algorithm/datasets_铲斗/train/images/fh_ftp_q2_20230906_102525.jpg 进程已结束,退出代码为 -1073740791 (0xC0000409)
03-26
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值