FTP update provides Web, HFS, anonymous logon

HP continues to beta test improvements to the FTP server for the HP 3000, adding an improved FTP anonymous logon interface, improved FTP client HFS file directory access, and support for receiving ftp:// commands from Web browsers.

The new features help commands generate expected Posix results and support HFS file directory access; eliminate the difficulty of specifying “./” to PUT, GET and DELete files, which can promote using the drag-and-drop features in GUI-based FTP clients; and provide the ability to display directories and let browser users view ASCII and bytestream file contents, so they can save selected files to the client.

Despite the long list of enhancements, administrators report that anonymous FTP transfers are missing vital security. NewsWire Webmaster Chris Bartram said that even this latest beta test version of FTP/iX still isn’t secure enough to permit FTP uploads of Web pages to the Apache server. Internet FTP is hamstrung.

“They still don’t have a solution to my biggest problem,” Bartram reported. “Once the FTP server is turned on, anyone can connect and try to log into any user they can guess a password for.”

Not only does FTP/iX not have any means of restricting the logons it can access now, but according to bug reports HP has listed, “it fails to report invalid logon attempts to the console,” Bartram said, “so we can’t even detect that someone was trying!”