2013-09-24 06:34
浏览 75


Im working on a project that is currently using goftp found in goftp to upload some files into a website directory where it is used and viewed by the website.

I am know questioning the security of this setup, so I have looked into ssh and sftp for golang, but I'm running into problems and it's just a big headache, since I'm new with golang.

My question is, what are the security threats or problems of just using goftp and are there more secure alternatives?

Thanks in advance!

图片转代码服务由CSDN问答提供 功能建议

我在一个正在使用 goftp 会将一些文件上传到网站目录中,供网站使用和查看。 < p>我知道对此设置的安全性提出质疑,因此我对ssh和sftp进行了golang的研究,但是由于遇到了golang的新手,我遇到了很多麻烦,而且令人头疼。 \ n

我的问题是,仅使用 goftp ,还有其他更安全的选择吗?


  • 写回答
  • 好问题 提建议
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • duanfan8699 2013-09-24 07:17

    All plain FTP servers are inherently insecure as they authenticate using plain text over an unencrypted link. This means that anyone on the same network (in particular WiFi networks) can sniff the network traffic and easily extract the username and password used to authenticate.

    You've already mentioned some of the recommended alternatives, SSH and SFTP. SSH provides the means to use SCP to transfer files securely. SFTP also uses the underlying transport provided by SSH. There is also FTPS which uses standard FTP over an SSL encrypted connection.

    Have a look at this link for more information on the differences between the protocols.

    In researching Go libraries for FTP I came across a mention that the library breaks on multi-line responses.

    It's highly recommended to use a more secure protocol than plain FTP so you would be better served by looking at SCP/SFTP/FTPS solutions. Here's a Github Gist claiming to be an example of using SCP in Go. That could be a good starting point.

    解决 无用
    打赏 举报

相关推荐 更多相似问题