PhillO
asked on
Securing ftp login
I need a way to allow my clients to log into my fedora 4 Apache 2.0.54 web server to download project files
My clients are not technically savy and seem to have an aversion to loading any additional software to access my server - its "too" difficult.???
In other words if i can just use Windows explorer, it would be the best solution for my clients.
After a lot of mucking around i have come up with the following conclusions (this is just so that i don't get suggestions for things i have already tried)
...I have set up webdav sucessfully on the server but windows explorer on xp systems only seem to connect without authenication and can't find the server if it uses ssl ( i may as well just use ftp. ie of no use whatsoever)
....I have setup an ftps server but windows explorer dosen't seem to know what thst is????
...Yes i know there is a host of ftps/ftp clients ranging from free to an amazing amount of $$. However my clients don't want to install free software so they sure as hell not going to pay for it.
..I have also looked at some web applets but I'm not convinced that they are the right solution...yet
Does anyone any brilliant solutions? Has anyone sucessfully got webdav to work for windows xp clients? i know this request is looking for a very narrow set of solutions but if it can be done, I would be greatful!!
One thing i was thinking was is there anyway to integrate https and ftp using redirects so that a client logs in using https and is then transfered to ftp to complete the transaction. I don't know... it was just a shot in the dark!!!
I really am only interested in preventing crackers/hackers from exploiting my machine and provide isolated folder access to different clients. Once a user is authenticated ftp transfer (whilst less than ideal because it is not encrypted) should be ok for the purpose.
Phill
My clients are not technically savy and seem to have an aversion to loading any additional software to access my server - its "too" difficult.???
In other words if i can just use Windows explorer, it would be the best solution for my clients.
After a lot of mucking around i have come up with the following conclusions (this is just so that i don't get suggestions for things i have already tried)
...I have set up webdav sucessfully on the server but windows explorer on xp systems only seem to connect without authenication and can't find the server if it uses ssl ( i may as well just use ftp. ie of no use whatsoever)
....I have setup an ftps server but windows explorer dosen't seem to know what thst is????
...Yes i know there is a host of ftps/ftp clients ranging from free to an amazing amount of $$. However my clients don't want to install free software so they sure as hell not going to pay for it.
..I have also looked at some web applets but I'm not convinced that they are the right solution...yet
Does anyone any brilliant solutions? Has anyone sucessfully got webdav to work for windows xp clients? i know this request is looking for a very narrow set of solutions but if it can be done, I would be greatful!!
One thing i was thinking was is there anyway to integrate https and ftp using redirects so that a client logs in using https and is then transfered to ftp to complete the transaction. I don't know... it was just a shot in the dark!!!
I really am only interested in preventing crackers/hackers from exploiting my machine and provide isolated folder access to different clients. Once a user is authenticated ftp transfer (whilst less than ideal because it is not encrypted) should be ok for the purpose.
Phill
ASKER
but won't the username and password be transmitted in plain text
phill
phill
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Okay Thanks
Phill
Phill
WExplorer does not know what sftp or ftps is, that's correct. What you could do to make it all safer is to turn off shell access for FTP clients and "jail" them to their directories.