Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 242
  • Last Modified:

Securing ftp login

I need a way to allow my clients to log into my fedora 4 Apache 2.0.54 web server to download project files

My clients are not technically savy and seem to have an aversion to loading any additional software to access my server - its "too" difficult.???
In other words if i can just use Windows explorer, it would be the best solution for my clients.

After a lot of mucking around i have come up with the following conclusions (this is just so that i don't get suggestions for things i have already tried)

...I have set up webdav sucessfully on the server but windows explorer on xp systems only seem to connect without authenication and can't find the server if it uses ssl ( i may as well just use ftp. ie of no use whatsoever)

....I have setup an ftps server but windows explorer dosen't seem to know what thst is????

...Yes i know there is a host of ftps/ftp clients ranging from free to an amazing amount of $$. However my clients don't want to install free software so they sure as hell not going to pay for it.

..I have also looked at some web applets but I'm not convinced that they are the right solution...yet

Does anyone any brilliant solutions? Has anyone sucessfully got webdav to work for windows xp clients? i know this request is looking for a very narrow set of solutions but if it can be done, I would be greatful!!

One thing i was thinking was is there anyway to integrate https and ftp using redirects so that a client logs in using https and is then transfered to ftp to complete the transaction. I don't know... it was just a shot in the dark!!!

I really am only interested in preventing crackers/hackers from exploiting my machine and provide isolated folder access to different clients. Once a user is authenticated ftp transfer (whilst less than ideal because it is not encrypted) should be ok for the purpose.

Phill
0
PhillO
Asked:
PhillO
  • 2
  • 2
1 Solution
 
m1tk4Commented:
if you type ftp://user:password@server in Windows Explorer location line (!!!NOT INTERNET Explorer) it will open your FTP directory just as another folder and you can drag and drop files there just like to another drive or folder on your local pc.

WExplorer does not know what sftp  or ftps is, that's correct. What you could do to make it all safer is to turn off shell access for FTP clients and "jail" them to their directories.
0
 
PhillOAuthor Commented:
but won't the username and password be transmitted in plain text

phill
0
 
m1tk4Commented:
yes they will, that's why you need to disable shell access, but that's the only way where you "can just use Windows explorer" and therefore "it would be the best solution for [your] clients".
0
 
PhillOAuthor Commented:
Okay Thanks

Phill
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now