Link to home
Start Free TrialLog in
Avatar of PhillO
PhillOFlag for Australia

asked on

Securing ftp login

I need a way to allow my clients to log into my fedora 4 Apache 2.0.54 web server to download project files

My clients are not technically savy and seem to have an aversion to loading any additional software to access my server - its "too" difficult.???
In other words if i can just use Windows explorer, it would be the best solution for my clients.

After a lot of mucking around i have come up with the following conclusions (this is just so that i don't get suggestions for things i have already tried)

...I have set up webdav sucessfully on the server but windows explorer on xp systems only seem to connect without authenication and can't find the server if it uses ssl ( i may as well just use ftp. ie of no use whatsoever)

....I have setup an ftps server but windows explorer dosen't seem to know what thst is????

...Yes i know there is a host of ftps/ftp clients ranging from free to an amazing amount of $$. However my clients don't want to install free software so they sure as hell not going to pay for it.

..I have also looked at some web applets but I'm not convinced that they are the right solution...yet

Does anyone any brilliant solutions? Has anyone sucessfully got webdav to work for windows xp clients? i know this request is looking for a very narrow set of solutions but if it can be done, I would be greatful!!

One thing i was thinking was is there anyway to integrate https and ftp using redirects so that a client logs in using https and is then transfered to ftp to complete the transaction. I don't know... it was just a shot in the dark!!!

I really am only interested in preventing crackers/hackers from exploiting my machine and provide isolated folder access to different clients. Once a user is authenticated ftp transfer (whilst less than ideal because it is not encrypted) should be ok for the purpose.

Phill
Avatar of m1tk4
m1tk4
Flag of United States of America image

if you type ftp://user:password@server in Windows Explorer location line (!!!NOT INTERNET Explorer) it will open your FTP directory just as another folder and you can drag and drop files there just like to another drive or folder on your local pc.

WExplorer does not know what sftp  or ftps is, that's correct. What you could do to make it all safer is to turn off shell access for FTP clients and "jail" them to their directories.
Avatar of PhillO

ASKER

but won't the username and password be transmitted in plain text

phill
ASKER CERTIFIED SOLUTION
Avatar of m1tk4
m1tk4
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of PhillO

ASKER

Okay Thanks

Phill