Comments on ProFTPd: Enabling/Disabling TLS Based On User Or Group
ProFTPd: Enabling/Disabling TLS Based On User Or Group FTP is a very insecure protocol because all passwords and all data are transferred in clear text. By using TLS, the whole communication can be encrypted, thus making FTP much more secure. While this is a good thing, not all FTP clients support TLS. This article explains how to enable or disable TLS in ProFTPd based on the FTP user or group.
5 Comment(s)
Comments
This is exactly what I need. My good old Dreamweaver CS3 doesn't support FTP with TLS/SSL. So now I can force my ftp users to use TLS and me myself, on my local network, without TLS. :) Thanks Falco, great work! Guido
Opinion follows:
Most people using FTP really should be using a different, more secure, protocol like sftp.
The ProFTP servers have been hacked previously and back-doors added. http://www.zdnet.com/blog/security/open-source-proftpd-hacked-backdoor-planted-in-source-code/7787 Other FTP servers had similar issues too. We don't know if new issues exist or not. FTP servers are a big target for crackers, that is certain.
In the corporate world, FTP, rcp and telnet use was ended around 2000 due to password security concerns and FTP protocol complexities in firewalls.
These days, FTP should only be used when you want to share everything on the server with the entire world. The subtle differences between straight FTP or FTP over TLS/SSL is too confusing for the iOS crowd to understand. It is best to just use bit-torrent or http to share files to the entire world. If you want to restrict which files are shared with specific people, sftp would be better.
Proftpd can do SFTP too.
More on TLSRequired off per user see: http://www.proftpd.org/docs/contrib/mod_tls.html#TLSOptions
I guess you mix up FTPS and SFTP. ProFTPD supports FTPS (FTP over TLS) but not SFTP (which is FTP over SSH and is provided by the SSH daemon).
Yes is does.
With:
<IfModule mod_sftp.c>
in virtuals.conf