Re: wget2 | Add FTP & FTPS support (#3)

[Richard (@nyuszika7h)]

Richard commented:


> Slightly OT, but please consider any download via FTP (or any other 
> non-secure protocol) as tainted, even when downloading within your faculty. 
> Since no one ever checks the file integrity (this is tedious manual work), 
> everybody should use a secure channel for downloading. Or the other way 
> round, you upload your data via FTP - how do you make sure the server 
> received the correct data ? (Data-internal checksums do not help against 
> malicious intent.)

For one, FTPS exists. Also I'm pretty sure the vast majority of people who use 
wget2 and find their way to this issue tracker are fully aware of the security 
risks. I'm generally a proponent of using secure things like HTTPS and SFTP 
(not to be confused with FTPS), but in some cases FTP is just an acceptable 
trade-off. I have a Windows server where setting up a FileZilla FTP server is 
much more convenient, and I'm just transferring media files. It has a strong 
password and realistically nobody is going to MITM it, and even if they did, 
they would have to find some obscure MP4 code execution exploit that would be 
player-specific.

-- 
Reply to this email directly or view it on GitLab: 
https://gitlab.com/gnuwget/wget2/-/issues/3#note_618633213
You're receiving this email because of your account on gitlab.com.