Secure control channel only
Moderator: Project members
Secure control channel only
I'm using FTP over TLS and would like the encryption to be used only on the control channel (and have the data channel be unencrypted)
Is there a way to get the filezilla client to do this? It looks like it's encrypting both channels
Thanks!
Dave
Is there a way to get the filezilla client to do this? It looks like it's encrypting both channels
Thanks!
Dave
Re: Secure control channel only
Any chance of getting this feature added?
I have a local home network and would like to keep my authentication credentials protected. I have no worries of data being tampered with in transit.
I have a local home network and would like to keep my authentication credentials protected. I have no worries of data being tampered with in transit.
Re: Secure control channel only
No, it makes no sense security-wise. What's the point protecting your credentials if the data gets tampered with?
Re: Secure control channel only
Well, it makes sense to me
I've got a gigabit network and some machines are older hardware.
The bottleneck becomes the overhead of encrypting the data channel, and I am stuck with slow transfer times since the CPU can't keep up.
If I choose to encrypt my password and not my data, then I have exposed myself in exactly 1 way: the data I transmitted may have been compromised. It's a trade off I'm willing to make.
If I am *forced* to send my password in the clear in order to take advantage of bandwidth, I have exposed myself in countless ways, as I have to assume that the entire user account has been compromised.
IMHO, this decision should be left up to the user, not dictated by the software.
I've got a gigabit network and some machines are older hardware.
The bottleneck becomes the overhead of encrypting the data channel, and I am stuck with slow transfer times since the CPU can't keep up.
If I choose to encrypt my password and not my data, then I have exposed myself in exactly 1 way: the data I transmitted may have been compromised. It's a trade off I'm willing to make.
If I am *forced* to send my password in the clear in order to take advantage of bandwidth, I have exposed myself in countless ways, as I have to assume that the entire user account has been compromised.
IMHO, this decision should be left up to the user, not dictated by the software.
Re: Secure control channel only
@botg: So, Filezilla always sends PROT P?
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
Re: Secure control channel only
It tries at least.
Re: Secure control channel only
So, will this be added as a feature then?
-
- 226 Transfer OK
- Posts: 619
- Joined: 2005-11-02 06:41
Re: Secure control channel only
As he said, no, because it makes no sense security-wise.
The problem you have is that the overhead processing for encryption is too great. "Don't encrypt the data" is the wrong solution, so much so that there's no reason to change the software to allow the user to make such an unwise decision. Update or replace your hardware.
The problem you have is that the overhead processing for encryption is too great. "Don't encrypt the data" is the wrong solution, so much so that there's no reason to change the software to allow the user to make such an unwise decision. Update or replace your hardware.
Re: Secure control channel only
"allow the user to make such an unwise decision"
Might I remind you that the software already allows the user to make an even more unwise decision? That is clear command channel/clear data channel?
Update or replace your hardware? well there's a practical solution
So, the only option you give is that one has risk compromise of an entire user account instead of a single file? How exactly, is that secure?
Might I remind you that the software already allows the user to make an even more unwise decision? That is clear command channel/clear data channel?
Update or replace your hardware? well there's a practical solution
So, the only option you give is that one has risk compromise of an entire user account instead of a single file? How exactly, is that secure?
Re: Secure control channel only
I'd really like to know where in the program you found the feature to send CCC/CDC? Note that 'Enter custom command' doesn't count, as you can type any nonsense there.
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
-
- 226 Transfer OK
- Posts: 619
- Joined: 2005-11-02 06:41
Re: Secure control channel only
He means basic FTP, I assume.
Personally, I only use FTP when I'm not allowed to use anything else (web hosts), I don't need security, or I'm on a trusted private network.
Personally, I only use FTP when I'm not allowed to use anything else (web hosts), I don't need security, or I'm on a trusted private network.
Re: Secure control channel only
Ok, so we've established that adding this feature would be no less secure than a one already included in the product (basic FTP, and therefore does make sense security-wise. We've also established that there is a clear use case for the feature. Will this feature be implemented?
-
- 226 Transfer OK
- Posts: 619
- Joined: 2005-11-02 06:41
Re: Secure control channel only
Not any time soon, if at all. A feature that allows users to connect without security when they could connect to the same server with it (this feature is only useful for connecting to FTPS servers) is fairly low priority. FileZilla 3 hasn't even reached feature parity with FileZilla 2.
If you need it, try CuteFTP Pro 8. The site manager in that program has an option for what you want, and a single license is only $60.
If you need it, try CuteFTP Pro 8. The site manager in that program has an option for what you want, and a single license is only $60.
Re: Secure control channel only
If I need security, I go for the complete experience. Why should I be only half secure if I can be fully?
No support requests over PM! You will NOT get any reply!!!
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org
FTP connection problems? Please read Network Configuration.
FileZilla connection test: https://filezilla-project.org/conntest.php
FileZilla Pro support: https://customerforum.fileZilla-project.org