On Wed, May 12, 2004 at 09:33:22AM -0500, Johnny Fulcrum wrote: > On Wed, 12 May 2004 09:12:12 -0500, Dan Rue <drue at therub.org> wrote: > > anonymous refers to actually loging in as the virtual ftp user "anonymous" > (not a real username on the system) There's a whole set of config options > for this "user" - like if the anonymous user can upload, download, read, > write etc. From what I know it's more secure than letting real users > login. > > Oh yeah - I've said this over and over... hence the eason I'm going with > anonymous access - not real usernames/passwords will go accross the wire. > Well, I disagree. You can make a user with the same restrictions as the user your were going to make anonymous - so it would be like an anonymous user, but with a username/password. As Chad pointed out, it's not a lot better - but I think it is better. Anon access anyone can get on. At least with a username/pass, you're limiting the amount of people that can discover that username through sniffing or whatever. Then, if someone discovers the username/pass - they're still no better off than if your server had anon access. I would really avoid anon. It's not meant as a form of security - it's meant to allow many people access a set of files. If you have just a few users, it makes _no sense_ to use anon like this. dan _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota Help beta test TCLUG's potential new home: http://plone.mn-linux.org Got pictures for TCLUG? Beta test http://plone.mn-linux.org/gallery tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list