| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
FTP Control Connection Establishment, User Authentication and Anonymous FTP Access (Page 3 of 3) Anonymous FTP Perhaps surprisingly, however, many organizations did not see the need for this enhanced level of security. They in fact went in the opposite direction: using FTP without any authentication at all. This may seem surprising; why would anyone want to allow just anybody to access their FTP server? The answer is pretty simple, however: anyone who wants to use the server to provide information to the general public. Today, most organizations use the World Wide Web to distribute documents, software and other files to customers and others who want to obtain them. But in the 1980s, before the Web became popular, FTP was the way that this was often done. For example, today, if you have a 3Com network interface card and want a driver for it, you would go to the Web server www.3com.com, but several years ago, you might have accessed the 3Com FTP server (ftp.3com.com) to download a driver for it. Clearly, requiring every customer to have a user name and password on such a server would be ridiculous. For this reason, RFC 1635 in 1994 defined a use for the protocol called anonymous FTP. In this technique, a client connects to a server and provides a default user name to log in as a guest. Usually the names anonymous or ftp are supported. Seeing this name, the server responds back with a special message, saying something like Guest login ok, send your complete e-mail address as password.. The password in this case isn't really a password, of course, it is just used to allow the server to log who is accessing it. The guest is then able to access the site, though the server will usually severely restrict the access rights of guests on the system. Many FTP servers support both identified and anonymous access, with authorized users having more permissions (such as being able to traverse the full directory path, and having the right to delete or rename files) while anonymous ones may only be able to read files from a particular directory set up for public access.
Home - Table Of Contents - Contact Us The TCP/IP Guide (http://www.TCPIPGuide.com) Version 3.0 - Version Date: September 20, 2005 © Copyright 2001-2005 Charles M. Kozierok. All Rights Reserved. Not responsible for any loss resulting from the use of this site. |