One of the biggest security problems with the FTP protocol is that the password has to be transmitted in clear text across the network. In effect, the username and password pair is exposed throughout the authentication sequence, so the information is available to crackers and sniffers alike.
Currently (as of 1.2.0pre9) ProFTPD does not support encrypted passwords for authentication. Development of this feature is scheduled for post 1.2.0rel1, and it will remove the absolute need to send the password in clear text over the network. There are also some approaches involving ssh (secure shell), which I will not cover in detail in this text, that can be used to secure an FTP session without encrypted keys.
Logging in over FTP as root is a bad idea, simply because it's a major security risk to send the root password in clear text over any network. If there is a need to get files onto a server, there are always better ways of achieving it than connecting via FTP as root.
If you really must ftp as root, then our thoughts go with you on this dangerous journey as you add "RootLogin on" to your proftpd configuration, and may your god go with you.
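To check whether an existing configuration has root logins switched on, and in which section, a small audit script helps. The following is an added example, not part of the original guide or of ProFTPD itself; the function name `find_root_login` and the sample configuration are constructed for illustration, and the list of boolean spellings treated as "enabled" is an assumption.

```python
import re

# Assumption: spellings ProFTPD treats as an enabled boolean.
TRUE_VALUES = {"on", "yes", "true", "1"}

# Constructed sample configuration, for illustration only.
SAMPLE_CONF = """\
ServerName "example"
RootLogin off
<Global>
  # RootLogin on
  rootlogin ON
</Global>
<VirtualHost 192.0.2.10>
  RootLogin on
</VirtualHost>
<Anonymous ~ftp>
  User ftp
</Anonymous>
"""

def find_root_login(conf_text):
    """Return (line_no, context) for every directive that enables RootLogin."""
    findings = []
    context = ["server config"]  # stack of enclosing <Section> blocks
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):  # skip blanks and comments
            continue
        if re.fullmatch(r"</\s*\w+\s*>", line):  # closing tag: leave section
            if len(context) > 1:
                context.pop()
            continue
        opened = re.fullmatch(r"<\s*(\w+)([^>]*)>", line)
        if opened:  # opening tag: remember section name and argument
            context.append((opened.group(1) + opened.group(2)).strip())
            continue
        parts = line.split()
        # Directive names are matched case-insensitively.
        if parts[0].lower() == "rootlogin" and len(parts) > 1:
            if parts[1].strip('"').lower() in TRUE_VALUES:
                findings.append((line_no, context[-1]))
    return findings

if __name__ == "__main__":
    for line_no, ctx in find_root_login(SAMPLE_CONF):
        print(f"line {line_no}: RootLogin enabled in [{ctx}]")
```

Point it at the real configuration by passing the file's contents to `find_root_login`; an empty result means no section enables root logins.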