Domain: proftpd.net
Stories and comments across the archive that link to proftpd.net.
Comments · 10
-
Re:Well that's good and all, but
try proFTPd Its like the Apache of the FTP world.
-
Go with something more secure.
As we are all aware, Wu-FTPd is insecure, buggy, and, for the most part, a thrown together hack. All of you wu-ftpders could eliminate (or at the least dramatically reduce) your problems by using one of the following:
ProFTPd: the ftpd that I prefer most. It was designed with security in mind (wow, rhyme) and its configuration is akin to Apache's.
PureFTPd: a relative newcomer; said to be fairly secure. Based upon TrollFTPd.
If you're an administrator that prefers security over convenience, you may wish to check into secure FTP or simply use SSH to transfer files. Like many "old style" daemons, FTP transmits sensitive data (namely passwords) without any type of encryption applied. Just remember: system security depends only on the competence of your administrator. Most administrators (at least myself and those that I know) refuse to touch wu-ftpd with a fifty foot pole. -
wu-ftpd has had lots of security issues
You should be using ProFTPD anyway.
-
Another globbing bug?
AIRC, this type of exploit has been the bane of WuFTPD's existance; one of the reasons I switched to ProFTPD some time ago. Much better security history.
Besides; if you're running a public FTP and it's not in a chroot jail, you are a moron anyways. -
Re:When in doubt, stick with what works.
Apache is for HTTP
.. for FTP you need some sort of FTP daemon. wu-ftpd is around .. but is also one of the largest security holes known to man (or woman).
ProFTPD might be better.. can't say yet for sure as I don't really do any FTP serving.
-- -
Re:proftpd can work with virtual hosts
-
proftpd can work with virtual hosts
I don't know why every is saying that ftp can't work with virtual host names when there is a proftpd config for it.
-
Re:A useful admin tool I'd like to see..
I think a project whose job would be to take many modern day UNIX configuration files (/etc/*) and translate them into XML formatted files would be quite useful.
This is a very interesting suggestion, and it may actually receive some enthusiasm. There are actually a couple software projects that I can think of that use an XML-like configuration file (take note of the "<DIRECTORY>" directives). Apache(example) and ProFTPd(example). Xinetd has a configuration file format that could easily be XML'ified, as could SAMBA.
Frankly, providing a generic, hierarchical, XML-formatted configuration file parser would be EXTREMELY useful. Personally, I'm ready to rip out Apache's or Proftpd's config parsers for my own projects and modify them accordingly.
Another interesting software project to take a look at if XML configuration files is something that appeals to you is Everybuddy, an all-in-one Internet Messanger client.
-
Re:Hmm...
Well, the expat library already exists and seems to be quite defacto under Unix.
At least, PHP and Apache use it, and well. And a couple of other utilities and CPAN modules. I've come across. It's fast, small, and not full of unneccessary crap.
Anyway, utilities like Apache and ProFTPD already have meta XML config scripts, and a fair few perl scripts that make use of XML::* as well.
I don't think I like the idea of having a dynamic XML library, and your entire /etc filesystem depending on it. What do you do when it breaks? It's like screwing up your LD.so.1 ... ow :)
Still, a standard, easy to use DOM for utilities would be nice, perhaps some kind of extension of the GetOpt stuff would work? It's succeeded largly because it's there and easy to use, and an XML standard would have to do the same. -
ProFTPD
I'm the maintainer/developer of ProFTPD. Just a couple of notes to those who've already responded here:
1) ProFTPD has very loud notices saying that anything before 1.2.0pre8 is not to be considered secure.
2) On the whole, ProFTPD has had far, far, far fewer security issues and exploits out there than any other open-source FTP server. We take security seriously, and have always responded quickly to security issues. The code has undergone a couple of audits now. No, that doesn't mean it's 100% secure, but it does mean we've taken a close look at it, and are endeavoring to make it as secure as we can.
3) ProFTPD, when properly configured, will not run as root or with root privileges except for very limited periods for specific actions. Compiling ProFTPD with capabilities support on Linux is definitely the recommended configuration.
4) The official ProFTPD web site is www.proftpd.net.
5) The latest version of ProFTPD is 1.2.0pre9. 1.2.0final will be out this week sometime.