how to specify a domain username and password in ftp URL ?

  • Question

  • Hi all,

    If I want to specify a domain user name (called mydomain\user1) and password in an FTP URL, what would the format be? (I mean, what should I write in the IE address bar?)

    Thanks

    Thursday, January 5, 2012 9:23 PM

Answers

  • Jorge gave you a good answer. Just to point out, this is one of the HUGE drawbacks of FTP, that is, the username and password are clear text, and it is a security nightmare because this data can be sniffed. What we usually do is set it to only anonymous, and reject other forms of authentication; this way usernames and passwords do not come across, and they are just logging in with the guest account.

    This is how public FTP sites are set up, for download only. If you allow uploading using anonymous, anyone scanning for open FTP sites will turn your FTP site into a "pub" site. Pirates use and publish "pubbed sites" to their private boards for two reasons - bragging that they got in, and uploading and offering pirated movies, apps, music, 0day, etc. And they use hidden, Windows reserved and ASCII-based characters (Windows is ANSI-based), so you CAN'T see it on your own drive. There are ways to clean it up if you find yourself pubbed - I have a blog on how to clean it up.

    If you need to allow uploading, to better secure it, it's suggested to use SFTP (secure FTP) or SSH using PuTTY, which is certificate-based encryption to encrypt the session including authentication and the data.

    Ace


    Ace Fekay
    MVP, MCT, MCITP Enterprise Administrator, MCTS Windows 2008 & Exchange 2007 & Exchange 2010, Exchange 2010 Enterprise Administrator, MCSE & MCSA 2003/2000, MCSA Messaging 2003
    Microsoft Certified Trainer
    Microsoft MVP - Directory Services
    Complete List of Technical Blogs: http://www.delawarecountycomputerconsulting.com/technicalblogs.php

    This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    • Marked as answer by Aiden_Cao Thursday, January 12, 2012 5:00 AM
    Friday, January 6, 2012 4:25 AM
  • So a quick search reveals the following:

    1) the format to specify a username and password in the FTP URL is as follows: ftp://user:password@host:port/path

    2) However, IE doesn't seem to support that feature: http://support.microsoft.com/kb/135975. Although this article does not address IE 7 and above, the article was revised this past Sept 2011, so it appears to be recent.


    Guides and tutorials, visit ITGeared.com.


    • Edited by Jorge Mederos Thursday, January 5, 2012 9:29 PM
    • Proposed as answer by Ace Fekay [MCT] Friday, January 6, 2012 4:25 AM
    • Marked as answer by Aiden_Cao Thursday, January 12, 2012 5:00 AM
    Thursday, January 5, 2012 9:28 PM
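
The following is an added example, not part of either answer: it applies the ftp://user:password@host:port/path format to the asker's mydomain\user1 account, percent-encoding the backslash and any reserved characters in the password, and shows the USER/PASS lines that then cross the wire unencrypted. The host ftp.example.com, the sample password and all function names are assumptions made for illustration.

```python
from urllib.parse import quote, unquote, urlsplit

def build_ftp_url(user, password, host, path="/", port=21):
    # safe="" encodes every reserved character: the backslash in DOMAIN\user
    # becomes %5C, and '@', ':' or '/' inside a password cannot be mistaken
    # for URL delimiters.
    userinfo = f"{quote(user, safe='')}:{quote(password, safe='')}"
    return f"ftp://{userinfo}@{host}:{port}{quote(path)}"

def parse_ftp_url(url):
    # Split the URL and decode the credentials back to their literal form.
    parts = urlsplit(url)
    if parts.scheme != "ftp":
        raise ValueError("not an ftp:// URL")
    return {
        "user": unquote(parts.username or ""),
        "password": unquote(parts.password or ""),
        "host": parts.hostname,
        "port": parts.port or 21,
        "path": unquote(parts.path) or "/",
    }

def control_channel_login(url):
    # The login commands a plain-FTP client sends (RFC 959). Nothing in the
    # protocol encrypts them, which is the sniffing risk raised in the thread.
    fields = parse_ftp_url(url)
    return [f"USER {fields['user']}", f"PASS {fields['password']}"]

def redact(url):
    # Mask the password before the URL is written to a log, ticket or chat.
    parts = urlsplit(url)
    if parts.password is None:
        return url
    netloc = parts.netloc.replace(f":{parts.password}@", ":***@", 1)
    return parts._replace(netloc=netloc).geturl()

# Constructed sample values (not taken from the thread, apart from the user name).
SAMPLE_URL = build_ftp_url("mydomain\\user1", "p@ss:w0rd",
                           "ftp.example.com", "/pub/file.txt")

if __name__ == "__main__":
    print(SAMPLE_URL)
    print(control_channel_login(SAMPLE_URL))
    print(redact(SAMPLE_URL))
```
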

All replies

  • Jorge gave you a good answer. Just to point out, this is one of the HUGE drawbacks of FTP, that is, the username and password are clear text, and it is a security nightmare because this data can be sniffed. What we usually do is set it to only anonymous, and reject other forms of authentication; this way usernames and passwords do not come across, and they are just logging in with the guest account.

    That's also why, whenever possible, I avoid using IIS FTP and instead use "FileZilla Server"; the idea is to avoid the need to create "regular accounts" just for people who need to use the FTP service; sure, it won't avoid issues in case the credentials are compromised, but, at least, the disclosed credentials won't belong to the local machine or (worse) to the AD :)

     

    Monday, January 9, 2012 3:24 PM
  • OK, thanks to all repliers
    Monday, January 9, 2012 6:46 PM