When uploading code to a dev or production server, are ftp and telnet both not secure?

I can still see people using ftp or telnet to work instead of sftp and ssh. Is it true that using ftp or telnet makes it easy for people to see the password? Who can see it?

Update: for example, if I'm not using wireless ... which I hear can be intermittent if it's WEP when 1GB traffic is sent or received ... so if I am not using wireless and I use either DSL, cable Internet like Comcast, or AT&T U-verse fiber, who can read it? Can my neighbor, or Joe in the data center of a nearby company or university, read it? Or Joe in a big hosting company or in a data center that happens to be somewhere between California and Chicago if I get from California to Chicago?

Update 2: so it's probably okay for the ftp alias = 'echo use sftp !!' on bash too

0




4 answers


To answer briefly: anyone on the path of packets from your computer to the server. In some cases (insecure networks, wireless networks, etc.), many more people. This is because the password will move in plain text.

See http://en.wikipedia.org/wiki/Packet_capture for details on packet sniffing. Also check http://en.wikipedia.org/wiki/File_Transfer_Protocol#Security_problems

+2




Both ftp and telnet are unencrypted. This means that anyone who can hijack your internet traffic (like your ISP, hosting provider, maybe the government) can read your password in plain text every time they log in. Ssh and sftp / scp will encrypt your password and no one can read it.



+2




Yes, using a simple packet sniffer like Wireshark it is possible to read the plaintext passwords used by telnet and ftp. Try using this tool while initializing your ftp or telnet session and you will see how insecure these mechanisms are.

As noted in this post, ssh and sftp are safer alternatives as they encrypt data as it travels over the wire. And, as always, never use these tools for evil!

+1




Anyone with a sniffer can see this. Use secure equivalents instead, i.e. SFTP and SSH. They are protected by strong encryption and everything will be encrypted.

+1
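The answers above say an FTP login crosses the network as readable text while SSH does not. The following added example (not code from any of the posts) shows what that means for a network audit: it inspects the reassembled client side of a control connection and flags a cleartext FTP login without recording the password. The sample streams, user name and password are constructed, and `audit_control_stream` is a hypothetical helper name.

```python
import re

# Constructed client-to-server bytes of one FTP control connection (TCP port 21).
# The user name and password are made up; this is not a real capture.
SAMPLE_FTP_STREAM = (
    b"USER deploy\r\n"
    b"PASS s3cret-Example\r\n"
    b"CWD /var/www\r\n"
    b"STOR index.php\r\n"
    b"QUIT\r\n"
)

# Constructed start of an SSH connection: a readable version banner followed by
# opaque bytes standing in for SSH's binary packets. The login itself happens
# after key exchange, so no user name or password appears as text.
SAMPLE_SSH_STREAM = b"SSH-2.0-OpenSSH_9.6\r\n" + bytes(
    [0x00, 0x00, 0x05, 0x3C, 0x08, 0x14, 0x9F, 0xE2, 0x71]
)

# FTP commands that matter for credential exposure (RFC 959 USER/PASS, RFC 4217 AUTH).
FTP_CMD = re.compile(rb"^(USER|PASS|AUTH)\s+(.*)$", re.IGNORECASE)


def audit_control_stream(data: bytes) -> dict:
    """Report whether a reassembled client stream exposes FTP credentials."""
    finding = {"protocol": "unknown", "user": None,
               "password_exposed": False, "tls_requested": False}
    if data.startswith(b"SSH-"):
        finding["protocol"] = "ssh"
        return finding
    for line in data.split(b"\r\n"):
        m = FTP_CMD.match(line)
        if not m:
            continue
        finding["protocol"] = "ftp"
        verb, arg = m.group(1).upper(), m.group(2)
        if verb == b"AUTH" and arg.strip().upper() in (b"TLS", b"SSL"):
            finding["tls_requested"] = True    # FTPS: the login that follows is encrypted
        elif verb == b"USER":
            finding["user"] = arg.decode("latin-1")
        elif verb == b"PASS":
            finding["password_exposed"] = True  # record the fact, never the value
    return finding


if __name__ == "__main__":
    print(audit_control_stream(SAMPLE_FTP_STREAM))
    print(audit_control_stream(SAMPLE_SSH_STREAM))
```

A finding with `password_exposed` set to true identifies an account whose password should be rotated and whose uploads should move to sftp or scp.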








