xml-general mailing list archives

From Mike Brown <m...@skew.org>
Subject Re: location of /dist/ directory
Date Wed, 10 Nov 1999 17:53:34 GMT
> The question in part is if we do this on hyperreal/taz. And I can imagine
> that that is no longer the right place. I have to agree with brian there.

Maintaining FTP service on hyperreal/apache.org has been a pain in the arse,
complicated by factors such as:
 - inconsistent, poorly documented or downright buggy configuration
 - security holes in stock FTP servers
 - security holes in replacement FTP servers (the wu-ftpd based ones
   are the best, feature-wise, but are having to be patched a couple
   times a year, at least)
 - a history of forked development of wu-ftpd based servers
   (which I believe may be close to being resolved.. I haven't
   really been paying attention since installing BeroFTPD in March)
 - FTP servers' ridiculous overhead (12 or more simultaneous xfers
   send our load average through the roof)
 - keeping the FTP directories in the same place as the public web
   directories, thereby allowing idiots who follow an ftp:// link
   to browse the entire domain via FTP in their browser
 - dumb web browsers that open up multiple simultaneous connections
   for a single file transfer

Another thing that sucks about FTP (and POP) is the almost nonexistent
security on authentication. Our server supposedly can use multiple
password files, but I couldn't get it to work.

On top of that we have Brian's wish list for FTP service as of earlier
this year:

1) On 127.0.0.1 accepts user-based FTP, but tells 
   the client to initiate the data connection to taz's IP #
   (this will undoubtedly require some slight hacking)
   This is to make FTP-over-SSH as described in the ssh pages on
   taz the only option for FTP.
2) On taz.hyperreal.org accepts FTP-only users only
3) Still supports anonymous FTP on apache.org

"I think eventually I'd like to phase out #2 and replace it with some sort
of web submission form that involves file-upload and is
password-protected."

Right now I have it set up so that FTP to any of our IPs connects to the
one BeroFTPD server that uses /www/apache.org as the root for anonymous
users and still accepts any user logins, not just the ones with FTP-only
(no shell) accounts.

I went with BeroFTPD because at the time (Feb/Mar) it was ahead of the
other wu-ftpd derivatives, feature-wise, and Bero seemed to be intent on
keeping it up to date. That lasted about a month. :)

Anyway, if anyone wants to work on setting up a different FTP system here
or elsewhere, that's fine by me. Security is kind of important because if
someone could slip a trojan into an Apache distribution... yow.

   - Mike
________________________________________________________________________
 Mike Brown / Hyperreal   |  Hyperreal http://www.hyperreal.org/music/
 PO Box 61334             |     XML & XSL http://www.skew.org/xml/
 Denver CO 80206-8334 USA |       http://www.hyperreal.org/~mike/
