Syscrusher wrote:
On Wed, 2010-01-27 at 11:42 -0800, Domenic Santangelo wrote: I run a coop server where some of the clients are *NIX users, some clueful Windows users, and some clueless Windows users. The *NIX and clueful Windows users all use SSH and SFTP, but the clueless Windows users refuse to use PuTTY or anything like it because "Microsoft FrontPage supports FTP!!!!". (Not all the sites on the server are Drupal.)
Microsoft FrontPage FTP is just as insecure as any FTP. That's a horrible excuse. I'm sure you'll find that the recommended practice from any vendor if you have to use FTP is to use a VPN. There are lots of software packages which are easier to use than PuTTY for file transfer. I have convinced many non-technical clients to use WinSCP over the years; it's very similar to most Windows tools. If they're referring to "publishing" from FrontPage or another legacy software to the site via FTP, make them use stunnel or PuTTY tunneling or a local FTP to SFTP gateway. There are many good solutions to this problem. Speak up! You're responsible for the security of your servers, so don't let anyone else make poorly-informed security decisions in your name! If they won't do it, raise a stink and insist on a signed release of liability for the inevitable loss of business from using bad practices. Every compromised account gives these abusers more encouragement to keep writing new attacks. </fire and brimstone> JT