C ++/Win32 FTP安全性和使用SSL的基础 [英] C++/Win32 The basics of FTP security and using SSL

问题描述

我的应用程序从FTP服务器下载文件.

My application downloads files from an FTP server.

使用数据包嗅探器，我可以轻松地看到用户名和密码，我希望避免这种情况.

Using a packet sniffer I can see the user name and password easily, I would like to have this avoided.

我无法使用特权有限的ATM创建FTP帐户.

I can't make an FTP account with limited privileges ATM.

我怎么知道服务器是否支持SSL?(Apache 2.x.x)

How do I know if the server supports SSL? (Apache 2.x.x)

还有其他隐藏用户的方式:通过FTP帐户吗?

Any other way to hide user : pass of FTP account?

推荐答案

如果要查看FTP服务器是否以显式模式支持FTPS( RFC 4217 )，然后发送 AUTH TLS .如果它回答 5xx 错误代码，则不会.如果它以 234 答复，则它会这样做，并且您的客户端应该做出适当的反应(对于符合RFC 4217的服务器，这意味着进行标准的TLS握手).

If you want to see if a FTP server supports FTPS in explicit mode (RFC 2228, RFC 4217), then send an AUTH TLS. If it replies with a 5xx error code, then it doesn't; if it replies with a 234, then it does and your client should react appropriately (which, for a RFC 4217 compliant server, means doing a standard TLS handshake).

不幸的是，WinInet API不允许您执行此操作，因此您可能需要查看 libcurl ，即开即用地支持FTPS.

Unfortunately the WinInet API doesn't let you do this, so you might want to look at libcurl, which supports FTPS out of the box.

这篇关于C ++/Win32 FTP安全性和使用SSL的基础的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！