Reply With Quote
AFAIK ProFTPD is still viable, but if you're looking for real security, you might wanna take a look at vsftpd
I need to set up an FTP server for a client. I've haven't done this in a while, but when I last did it, I used ProFTPD. Can anyone tell me if this is still a viable server app, or is it riddled with security holes. Is there anything else out there that kicks ProFTPD's ass?
AFAIK ProFTPD is still viable, but if you're looking for real security, you might wanna take a look at vsftpd
ProFTPd all the way here.
I like proftpd, I don't know of anysecurity issues, but FTP as a protocol is pretty insecure. Use vsftpd if you're going for security.
Thanks for the replies. Security is an issue, as always, but not a dirving factor behind the server app I choose. In other words, I don't need MAX security.
I like ProFTPD and will probably stick with it, since I know how to admin it and don't really feel like learning another app.
Again, thanks everyone
With proftpd you can use mysql as backend. You can create fake (real for the people logging into the ftp) users and passwords in mysql tables and have mysql/proftpd authenticate against them. That way the ftp users dont have shell accounts and if someone sniffs a password-- they still have nothing.
Oh ya, proftpd runs in a chroot by default and you can set up ssl if your so inclined. I'll see if I can find a few walkthrough links.
If you do the right things, you can shore up ftp reasonably well.
dan
Edit: I went vsftp site-- wow it has most of the features builtin that I have to hack proftpd to get. I might be making a change....
I tried vsftpd but couldn't get it to work behind NAT using a dynamic IP address (linked to a domain name from www.no-ip.com) and listening on a non-standard port. So, I went back to proftpd where the same scenario works like a charm.
Posting Permissions
Bookmarks