Is ftp connection to secure server in c++ program secure with libcurl?I need to make a client program that will receive and write data to the host.
FTP is insecure, it transfers data, user names & passwords in the clear. Don't use it. Use either https, scp or sftp.
Related
I've scenario where ftp client and server are separe with a proxy server.
I want to insert ip source address into ftp client payload so that the ftp server can retrieve it.
The problem is that i don't know how to proceed.
Help me out please.
With regards.
FTP is text-based protocol.
If you can re-implement both the client and the server, just make them understand a new command for your purpose.
E.g. you can have the client send a XIP command just after authentication (or even before, if you need):
XIP 203.0.113.0
The server will just parse the IP and respond something like this (to follow the FTP specification):
200 OK
And then carry on as in a normal FTP session.
Our client needs to upload their database to the server and it looks like it is impossible to create a SFTP connection in JavaScript and FTP is not secure (and FTPS has issues).
Is using a HTTPS connection and posting a multipart form a viable alternative to SFTP?
Is HTTPS upload over post form multpart as secure as SFTP?
If you have up-to-date browser, up-to-date server (setup to accept reasonable algorithms) and reasonable certificate (that validates) the HTTPS is secure the same way as SFTP is (using reasonable algorithms in SSH and properly validating host keys).
Transferring files is secure as transferring any other confidential information using HTTPS (the banks/card payment services do that all the time).
I have a client trying to upload multiple files to FTP server in passive mode.
The client sends PASV command and the server responds with the relevant ip and port.
Is it possible to send multiple files on this one data connection? or the client need to send the PASV command and get a new port for each file?
Since the only indicator of the end of file is the close of the connection and because you cannot transfer any more data after the connection has closed, you will not be able to transfer more than one file using the same data connection.
But, maybe you tried to ask a different question, that is if is possible to have multiple data transfers (and thus multiple data connections) after a single PASV command? I can see nothing in RFC959 which directly would prevent this and reusing the same target port on the server. And because access would be done from different source ports on the client this should also not give problems with TCP connection states. But, in practice you will probably see problems because if you try to use this from the client side, because lots of servers create the listener only for a single data connection. So you better precede each data transfer with a new PASV command, like existing clients do.
so the case is: Client is in ftp session with server and how could i corrupt the connection so user would have to reconnect again? I'm thinking about blocking the clients ftp port, how could i accomplish that?
Simple thing to do is to add and enable a firewall rule from the Control Panel. You can even do it programmatically with the Windows Firewall API including from script.
As there are two questions about Passive vs. Active FTP mode
Passive FTP instead of Active FTP
What is the difference between active and passive FTP?
And if we kindly omit existence of FTP over SSH or FTPS (aka FTP with SSL/TLS)
What are security pros and cons of using Passive FTP?
My question comes out from experience that nearly every FTP I've came to touch with, was using Passive mode. So if it wasn't result of internal security policy, than please what is the motivation for using Passive FTP mode?
FTP is not secure, and never will be. The only reason to use passive ftp is that it works through any kind of firewall, as all connections are initiated by the client. Active FTP has the server connecting BACK to the client to initiate data transfers, which dumb firewalls will disallow, as they have no way to know that the incoming connection is related to the FTP connection and should be allowed through.
Passive FTP is easier to get through firewalls. For "active" FTP, the client has to be connectable from the internet, for passive ftp, that burden is on the server.