Re: A wee caveat - the freeware WAR-ftp server (most versions)

From: Jarle Aase (jgaaat_private)
Date: Wed Oct 14 1998 - 00:36:34 PDT

Next message: security-alertat_private: "Cisco security notice: CSCdk43920 command history release"

Previous message: Kevin Littlejohn: "Re: Referer (was Patches for wwwboard.pl)"
Maybe in reply to: Mnemonix: "A wee caveat - the freeware WAR-ftp server (most versions)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

I can confirm that War FTP Daemon 1.70 beta does store the user database, including passwords, in 'clear' text. This is simply because the encryption module in the beta version of the new server is unimplemented at this time.

Under NT/NTFS, the user database can be protected using standard NT security.

The 'official' release (1.65/1.66x) does encrypt the user database, and so will beta 2 of 1.70.

-
Jarle Aase
Author of freeware.


For support/suggestions: alt.comp.jgaa (newsgroup)
For information: infoat_private(email, auto-responder)
Private Email: jgaaat_private
WWW: http://www.jgaa.com/
<no need to argue - just kill'em all!>

Next message: security-alertat_private: "Cisco security notice: CSCdk43920 command history release"
Previous message: Kevin Littlejohn: "Re: Referer (was Patches for wwwboard.pl)"
Maybe in reply to: Mnemonix: "A wee caveat - the freeware WAR-ftp server (most versions)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:19:35 PDT