Securing ftp login

Posted on 2006-04-22
Last Modified: 2010-04-22
I need a way to allow my clients to log into my fedora 4 Apache 2.0.54 web server to download project files

My clients are not technically savy and seem to have an aversion to loading any additional software to access my server - its "too" difficult.???
In other words if i can just use Windows explorer, it would be the best solution for my clients.

After a lot of mucking around i have come up with the following conclusions (this is just so that i don't get suggestions for things i have already tried)

...I have set up webdav sucessfully on the server but windows explorer on xp systems only seem to connect without authenication and can't find the server if it uses ssl ( i may as well just use ftp. ie of no use whatsoever)

....I have setup an ftps server but windows explorer dosen't seem to know what thst is????

...Yes i know there is a host of ftps/ftp clients ranging from free to an amazing amount of $$. However my clients don't want to install free software so they sure as hell not going to pay for it.

..I have also looked at some web applets but I'm not convinced that they are the right solution...yet

Does anyone any brilliant solutions? Has anyone sucessfully got webdav to work for windows xp clients? i know this request is looking for a very narrow set of solutions but if it can be done, I would be greatful!!

One thing i was thinking was is there anyway to integrate https and ftp using redirects so that a client logs in using https and is then transfered to ftp to complete the transaction. I don't know... it was just a shot in the dark!!!

I really am only interested in preventing crackers/hackers from exploiting my machine and provide isolated folder access to different clients. Once a user is authenticated ftp transfer (whilst less than ideal because it is not encrypted) should be ok for the purpose.

Question by:PhillO
    LVL 15

    Expert Comment

    if you type ftp://user:password@server in Windows Explorer location line (!!!NOT INTERNET Explorer) it will open your FTP directory just as another folder and you can drag and drop files there just like to another drive or folder on your local pc.

    WExplorer does not know what sftp  or ftps is, that's correct. What you could do to make it all safer is to turn off shell access for FTP clients and "jail" them to their directories.

    Author Comment

    but won't the username and password be transmitted in plain text

    LVL 15

    Accepted Solution

    yes they will, that's why you need to disable shell access, but that's the only way where you "can just use Windows explorer" and therefore "it would be the best solution for [your] clients".

    Author Comment

    Okay Thanks


    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
    BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (, affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
    Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
    This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now