How to enable the FTP server (ftpd) in Lion: PLEASE DON’T

TUAW has a HOWTO on enabling the FTP server in Mac OS X Lion.

Please don’t.

FTP is insecure. Your password can be the single-most unbreakable string in the universe, but it doesn’t matter: it’s sent out over plain text. Moreover, anyone who’s been in the sysadmin game for more than 12 minutes has seen just about every FTP server get cornholed, literally cornholed, multiple times by securtity flaws.

The best thing the “technology community” can do is to actively discourage its use.

FTP over SSL is a better interim solution, if keeping “pure” the FTP protocol is required.

And enough about the damn “extra overhead” of SSH or SSL. We’re talking about a few bytes here, esp. when you’re on a LAN.

The sooner FTP dies, the closer we are to a world of endpoint secure protocols.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s