Thread: vsftpd
View Single Post
Old 03-16-2012, 02:13 PM   #8
rkomar
Wizard
rkomar ought to be getting tired of karma fortunes by now.rkomar ought to be getting tired of karma fortunes by now.rkomar ought to be getting tired of karma fortunes by now.rkomar ought to be getting tired of karma fortunes by now.rkomar ought to be getting tired of karma fortunes by now.rkomar ought to be getting tired of karma fortunes by now.rkomar ought to be getting tired of karma fortunes by now.rkomar ought to be getting tired of karma fortunes by now.rkomar ought to be getting tired of karma fortunes by now.rkomar ought to be getting tired of karma fortunes by now.rkomar ought to be getting tired of karma fortunes by now.
 
Posts: 2,986
Karma: 18343081
Join Date: Oct 2010
Location: Sudbury, ON, Canada
Device: PRS-505, PB 902, PRS-T1, PB 623, PB 840, PB 633
Quote:
Originally Posted by janek View Post
True, this is a serious security drawback, but still the server doesn't run as a deamon. You need to start it manually and then close the app before reading anything, so there's a minimal window for anyone to log in.
I would probably risk it, as well, but I was addressing the question of why Onyx didn't provide it by default. They would open themselves up to all kinds of grief over the security issue. The current situation seems to be a pretty good compromise.

Edit: It looks like the secure_email_list_enable option in vsftpd.conf can be used to enable passwords for anonymous logins (in the /etc/vsftpd.email_passwords file).
Last edited by rkomar; 03-16-2012 at 02:21 PM.
rkomar is offline   Reply With Quote