Topic: p/w security ftp or www & indexer

[Ray Mitchell]

Dear All

I posted this a couple of days ago on the General forum with no response yet. Perhaps an experienced user could answer it for me ?

I want to know if it is more secure to use a password protected ibay and access files from the web via www with indexer installed, compared to using ftp access without indexer ?

My understanding is that the ftp protocol is inherently insecure, ie if I have a password protected ibay and enable ftp access, (ftp://ibayname@ftp.mydomain) then it is possible for the password to be captured by unauthorised means.

If I use the lophty indexer program or Shad Lords dirindexer and access via www instead of ftp, and enable my ibays for password protected access, and then access these via www.mydomain/ibayname and password, does this give me secure access to files in that ibay, ie is my password safe from unauthorised eyes, robots, hackers etc.

Thanks & Regards
Ray Mitchell

[Dan Brown]

If you access the files via http://whaever, it is just as vulnerable as with FTP.  If you want security, you'll need to require https, which will probably require custom template fragements.

[Ray Mitchell]

Thanks Dan, that spells it out nice and simply for me.
Regards
Ray Mitchell

[Charlie Brady]

Dan Brown wrote:

>  If you want security, you'll need to
> require https, which will probably require custom template
> fragements.

Are you sure. I haven't checked, but I had thought that anything which was visible via http will also be visible via https. If you meant that enforcing https would require custom template fragments, then you could very well be right.

Charlie

[Dan Brown]

What I meant was that requiring https (i.e., enforcing that requirement) would require custom templates (and I see that my typing is way downhill today).