FTP Security

[stagebrace]

Something I learned this weekend.
Are you using a secure FTP connection? Without it, every time you transfer the configure.php file from your pc to the hosts server you give the world your database username and password. I must have given it out at least a hundred times. Its time to change database names, usernames and passwords and get your host to allow an explicit or implicit SSL FTP connection! After the SSL connection has been created, all the transfers will be encrypted, even the FTP username and password.

Comments?

[kobra]

Interesting point and one that I do not think has been brought up, at least recently.

Hopfully this bump will bring it up for others to see and ponder.

[zigzak]

I connect daily directly to the MySQL Database at my ISP - but I use Plink on my Windows PC to create a secure connection first so that the database login details are encrypted.

I suppose also that if you are using FTP to connect to a server at your ISP then at least the login details are not being sent across the open internet (ie. they will only pass between your PC and your ISP). All depends on the various network configurations I suppose.