Great Circle Associates Firewalls
(October 1995)

Subject: Re: Various FTPs
From: Ken Hardy <ken @ bridge . com>
Date: Fri, 13 Oct 1995 17:02:59 -0500
To: steveg @ cseic . saic . com
Cc: firewalls @ greatcircle . com

[I've been working on this response most of the afternoon between
lengthy disruptions -- it's probably not worth the wait. ;-) ]

"Stephen H. Goldstein" <steveg @ cseic . saic . com> wrote:

>Question 1:
>I'm curious as to why one would even bother with modifying FTP to use a
>different port.  If it's so bad, why not serve up your files via Gopher
>or HTTP?  Are they worse?

As a user, I prefer HTTP to FTP when fetching things.  But what are the
system ramifications;  how does HTTP compare to FTP & its
implementations in terms of system resources for a large site?  Being
stateless, it requires a new TCP connection for each click, and current
implementations spawn a separate process for each connection.  FTP
requires a new connection every time you send a new directory listing
back, doesn't it?  Also, I don't know how current HTTP server
implementations can control the load on a server a la some ftpd's user
limits.  What I do like about FTP for a loaded site is that, once you
get a connection, it's yours till you log off.  With a load-throttled
httpd disallowing 4 out of 5 of your connection attempts, it would be a
lot harder to navigate a site, which is why I don't use my browser's
built-in FTP for popular servers.

HTTP might do for an outgoing-only anonymous FTP replacement.  But HTTP
is unidirectional; I can set up an FTP server to allow people to send
me files, but not so with HTTP, and I can configure an FTP server to
change the modes on received files so that even the sender cannot
access them again.  Anyone could conceivably fetch the file off my
friend's HTTP server meant for me, passwords notwithstanding.

>Question 2:
>Assuming that in the interest of protecting themselves everyone mods
>their FTP servers using approaches similar to IWI and Microsoft, how
>much risk to systems on the client side is added by loosening filters
>to compensate?

I'm looking forward to others' analysis of this.  Seems that HTTP ought
to be able to be pretty secure, esp. if you'd only allow GET methods and
code against buffer overruns in the URLs.  If you want to use non-anon
passwords, it doesn't require any sort of actual account on the
machine, and is slightly (_very_ slightly; hardly worth mentioning)
more secure in that the passwords are not entirely plaintext, a la FTP.
What sort of protocol-level shenanigans are possible, though?
And to what degree does SSL &c. mitigate the problems?


-KH

(Don't know squat about gopher and am waiting for others to comment.)
