Jim Cornette wrote: > If you are getting information that is not confidential, why worry if > you are using sftp or ftp? If it is sniffed there is no loss. akonstam@xxxxxxxxxxx replied: > Well first as a mea culpa gftp handles sftp . > Second, It is you passwd that you don't want sniffed so sftp is > important for security. That's assuming that you don't want an FTP program for anonymous FTP (in which case there is no secret password to sniff). It's not that unusual a requirement. In the second case, it also assumes that any password is actually worthwhile. If the username and password are also valid for an SSH login, then you certainly don't want random hackers getting hold of them. But if it's for a well-secured FTP-only site and account, then all a potential attacker can do is store data on the machine (and that depends on the configuration). That used to be useful, but these days, I'd say the value of it is effectively zero. If the data is legal, Gmail is a better (and safer) storage site. If it's illegal, then a compromised FTP site is too likely to be spotted by the owner -- much better to get a rooted box that can hide the data from the owner. There is, of course, the usual worry about holes in Internet-facing software. But it's not really more serious for FTP software than it is for a Web server or an e-mail server. You're also assuming that there aren't other security measures (VPN, or a trusted network) in place. James. -- E-mail address: james | I must refute the rumour that one of our team members @westexe.demon.co.uk | walks on water. Although it's true that Barry Cryer | runs on lager... | -- "I'm Sorry, I Haven't A Clue", BBC Radio 4