FTP through ssh is only able to secure the control channel and does not
protect the data channel.
Better methods of file transfer over ssh are sftp, scp or rsync. If you want
to use the FTP protocol and need it secure look at TLS FTP
-----Original Message-----
From: Scott, Richard [mailto:Richard.Scott_at_BestBuy.com]
Sent: Tuesday, 13 January 2004 9:11 AM
To: webappsec_at_securityfocus.com
Subject: Secure FTP
Forum,
Does anyone have any experience with any frameworks for Java and .Net
for implementing secure FTP. I would like to review some products that
have good interoperability with licensed versions of SSH.
The scenario that I am envisioning is such:
Application A uses a framework to built a secure FTP to a licensed
secure FTP server.
Application A uses a framework to built a secure FTP to a licensed
secure SSH Server.
I've seen some messy implementations of code calling SSH clients through
shells, and I want to avoid that. Ideally the framework supports X509.
I want a clean method of using secure FTP programmatically such that I
can cleanly cpature exceptions etc.
Any recommendations?
Richard Scott
Global Information Protection
BestBuy Corporate Campus
7601 Penn Ave, South.
Richfield, 55423. USA.
The views expressed in this email do not represent Best Buy
or any of its subsidiaries
Received on Jan 13 2004
Intro
