On 03/10/02 11:34 -0400, Paul D. Robertson wrote: > On Thu, 3 Oct 2002, Anton A. Chuvakin wrote: > > > >proftpd, vsftpd, pureftpd > > >... > > >Postfix/Qmail > > >... > > > > Is there any evidence that helps decide whether its more secure because > > its written better or because its used less? > > (A) Project history- Postfix and Qmail have held up well, proftpd erm, > hasn't. I haven't followed the other two, since FTP is on my list of "Horribly > broken protocols I'll never support." I'll agree wuith this. Proftpd has not had a showstopping bug except for a DOS due to globbing (IIRC). There have been minor bugs, but none of them were the security kind. I haven't runa ftpd for quite some time, and when I was looking (about Nov/Dec 2000), proftpd was the best choice due to its easy config and relative security. Current status is a wholly differnt issue. > (B) Look at the code. This always works, but its a question of time on the security people's part. > (C) Developer history. Good stance to go by for first filtering. > (D) Developer's understanding of the protocol and its weaknesses. Difficult to judge rapidly. Since the weaknesses are usually at the boundaries. Also, the developers understanding of the language used. Devdas Bhagat _______________________________________________ firewall-wizards mailing list firewall-wizardsat_private http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
This archive was generated by hypermail 2b30 : Fri Oct 04 2002 - 06:17:02 PDT