how do i protect my password using front page and FTP?

[JoeS]

We are going to publish a site developed with Front Page 2003 to a server
that does not have Sharepoint or MS Ext. We have been told that FP using FTP
option to publish is not secure and the password to publish can be viewed. We
have to use SmartFTP. Is this true? Anyway to publish without a 3rd party?
thanks
Joe

 

[Andrew Murray]

Feel frree to use any FTP program you like.

I don't know why should the FTP mode in FP would be any more vulnerable than
any other FTP program....?



We are going to publish a site developed with Front Page 2003 to a server
that does not have Sharepoint or MS Ext. We have been told that FP using
FTP
option to publish is not secure and the password to publish can be viewed.
We
have to use SmartFTP. Is this true? Anyway to publish without a 3rd party?
thanks

 

[JoeS]

I have been told by my network support that Front Page does not encrypt the
password when it is sent to the server. Do you know if this is true?

 

[Steve Easton]

FrontPage uses the Internet settings from Internet Explorer.

I have never heard of the issue your "network support" has mentioned.


--
Steve Easton
Microsoft MVP FrontPage
FP Cleaner
http://www.95isalive.com/fixes/fpclean.htm
Hit Me FP
http://www.95isalive.com/fixes/HitMeFP.htm

 

[JoeS]

The issue is the id and password being passed to the server in an open
format. I have been told that Dreamweaver uses a secure connection to protect
the password when publishing using FTP. Is there a way to do this with FP?

 

[Steve Easton]

The ID and password are "Not" sent by FrontPage.
They are sent with the same security restrictions that are in
place for Internet Explorer.
Internet Explorer transmits them, not "FrontPage."


--
Steve Easton
Microsoft MVP FrontPage
FP Cleaner
http://www.95isalive.com/fixes/fpclean.htm
Hit Me FP
http://www.95isalive.com/fixes/HitMeFP.htm

 

[Mark Fitzpatrick]

FrontPage does not use Secure FTP, which is something else other than
standard FTP. FTP itself does not encrypt files so it's not FrontPage's
fault, that's just the way the FTP standard works as it was created way back
in the 70's. In your case, the host may have some very specific security
implementations on their end that are not part of the FTP standard which is
why a particular client such as SmartFTP is required. Usually instead of
transmitting the password enecrypted it is still passing it in clear text,
but instead makes use of SSL encryption to encrypt the entire transmission,
just like you see when your're using a shopping cart checkout on a web site.

Hope this helps,
Mark Fitzpatrick
Microsoft MVP - FrontPage

 

[Funkadyleik Spynwhanker]

The issue is the id and password being passed to the server in an open
format. I have been told that Dreamweaver uses a secure connection to
protect
the password when publishing using FTP. Is there a way to do this with FP?

Yes, it is true that FP sends an FTP password in plain text (which could be
sniffed, VERY UNLIKELY, but possible, I would worry more about your password
getting brute-forced on the server itself).

Note however, that is a limitation of FTP, not FrontPage. _ALL_ FTP
programs send in plain text. If you use FTP, you are sending your password
in plain text. Period.

Your IT folks are giving you a line of bullshit so you don't use FrontPage
or are simply ignorant.

You can use various forms of encrypted FTP, they however require a program
that supports it (FrontPage does not) and a SERVER that supports it.

So ask them if the server supports secure FTP file transfer, and if they say
no, then tell them to STFU. If they say yes, get a program and use that.
FP does nothing more than a regular FTP program (that is, put files on the
server that have been saved and created on your hard drive) so you can just
switch programs used to transfer, and continue to use FrontPage to edit.