ftpd leaks info which might be useful to an attacker

Nelson H. F. Beebe beebe at math.utah.edu
Wed Sep 14 18:07:53 UTC 2016

Matthew Seaman <matthew at FreeBSD.org> writes today:

>> About the only useful way to use FTP any more is for anonymous read-only
>> access to download stuff from an archive -- and in that use case, a web
>> server is generally a much better choice.  FTP as a protocol is archaic
>> and needs to die.

I agree with the first point (up to the dash), but strongly disagree
with the second: FTP provides directory listing capability, whereas
HTTP does not.  I use "dir -tr" in FTP connections quite frequently,
and I find the timestamps in the directory listings critical
information that is routinely lost at many HTTP-only sites.

- Nelson H. F. Beebe                    Tel: +1 801 581 5254                  -
- University of Utah                    FAX: +1 801 581 4148                  -
- Department of Mathematics, 110 LCB    Internet e-mail: beebe at math.utah.edu  -
- 155 S 1400 E RM 233                       beebe at acm.org  beebe at computer.org -
- Salt Lake City, UT 84112-0090, USA    URL: http://www.math.utah.edu/~beebe/ -

More information about the freebsd-security mailing list