Filezilla FTP Server - Security Implications of its usage on Windos Server 2003
- by Brian Webster
I'm running Filezilla server on my dedicated windows 2003 server.
It uses its own user-access control system.
The Filezilla server service itself is running under the System user.
When I setup users within the FTP Server Administrator Interface, I do not need to setup equivalent users, or adjust permissions on folders to allow users to login.
Example:
I setup TestFTP user with password 'p'
I set the home directoy of TestFTP user to be e:/website
I verify that e:/website only has permission for the System and Admin accounts (right click - security in windows explorer)
TestFTP is able to login to the server just fine.
I'm OK with this (perhaps due to ignorance?).
Is it generally frounded upon to utilize a FTP Server such as FileZilla Server that bypasses the built-in UAC in this method?
If I wasn't clear enough, please let me know.