Secure way of uploading my website

Discussion in 'ASP.NET 2.0' started by strato, Mar 10, 2006.

  1. I just successfully uploaded my first web site using VS2005 Copy Website tool, so I'm satisfied. But now I have a question regarding the security of the upload process. The tool says that the password is sent as text. Is there a more secure way of uploading my files?
     
  2. Bruce

    Bruce DiscountASP.NET Staff

    Yes.

    Enable SSL and use FrontPage extension to upload via HTTPS.

    Bruce

    DiscountASP.NET
    www.DiscountASP.NET
     
  3. I've read some horror stories regarding FP extensions so I would rather not use them unless I have to. Is that the only way?


    Also, I presume enabling SSL is in the Control Panel. Am I right? Is that an addon?

     
  4. Yes, FrontPage is horrible. HTTPS is the only secure way to upload to discountasp.net. The FTP protocol specifies that the password is sent in clear text, though most people use FTP anyway.



    Joel Thoms
    DiscountASP.NET
    http://www.DiscountASP.NET
     
  5. What about WebDAV? While not as secure as SSL, I was under the impression that it was better than FTP? But I was also under the impression that VS 2005 Copy Website used WebDAV/Web Folders as its protocol for copying files (not FTP). But I could be mistaken. Any insight?
     
  6. I was curious about this so I did a bit more research and found the following article on msdn:
    http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/using_webfolders_for_file_transfer.mspx

    It reiterates what Joel says. For those of you who don't like to follow links:

    Using Web Folders for secure file transfer

    Web Folders, or WebDAV, is a file transfer protocol that supports secure file transfer over intranets and the Internet. With Web Folders, you can upload, download, and manage files on a remote computer across an intranet and the Internet. Web Folders is similar to File Transfer Protocol (FTP); however, Web Folders provides a more secure environment for transferring files over the Web.



    Using Web Folders vs. FTP

    | Protocol | Password Security | Data Encryption |
    |---|---|---|
    | Web Folders | Always if Web server is using SSL; sometimes if it is not | Always if Web Server is using SSL; never if it is not |
    | FTP | Never | Never |



    Web Folders protects your password and encrypted data when you send information to a Web server running Secure Sockets Layer (SSL). If the server is not running SSL, Web Folders can protect your password if the server is configured to use Windows authentication. However, you cannot encrypt the data sent to the server. If a server is running SSL, the Internet address for the server will begin with https:// instead of http://.


    ....
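
The comparison quoted in the last post can be turned into a pre-upload check. This is an added example, not part of the thread or of any Microsoft or DiscountASP.NET code; the function names, the `example.test` targets and the header values are constructed, and it assumes the server sends one authentication challenge per `WWW-Authenticate` header and that the HTTPS certificate is validated by the client.

```python
from urllib.parse import urlsplit

# WWW-Authenticate tokens IIS uses for Windows authentication. These are
# challenge-response schemes: the password itself is not sent.
WINDOWS_AUTH = {"ntlm", "negotiate"}


def offered_schemes(www_authenticate):
    """Lowercased scheme names, assuming one challenge per header value."""
    schemes = set()
    for value in www_authenticate:
        parts = value.split(None, 1)
        if parts:
            schemes.add(parts[0].lower())
    return schemes


def assess(url, www_authenticate=()):
    """Return (password_protected, data_encrypted) for an upload target."""
    scheme = urlsplit(url).scheme.lower()
    if scheme == "https":
        return (True, True)       # SSL/TLS covers credentials and file contents
    if scheme == "ftp":
        return (False, False)     # USER/PASS and data travel in clear text
    if scheme != "http":
        raise ValueError(f"unsupported scheme: {scheme!r}")
    offered = offered_schemes(www_authenticate)
    # Protected only if the server offers nothing but Windows authentication;
    # if Basic is also offered, a client may pick it and send base64(password).
    password_ok = bool(offered) and offered <= WINDOWS_AUTH
    return (password_ok, False)   # plain HTTP never encrypts the files


if __name__ == "__main__":
    # Constructed sample targets and headers, not taken from the thread.
    samples = [
        ("https://example.test/site", ['Basic realm="site"']),
        ("http://example.test/site", ["Negotiate", "NTLM"]),
        ("http://example.test/site", ["NTLM", 'Basic realm="site"']),
        ("ftp://example.test/site", []),
    ]
    for url, headers in samples:
        print(url, headers, assess(url, headers))
```

The third sample is the "sometimes" case from the table: a plain-HTTP server that offers Basic alongside NTLM is reported as not protecting the password.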
     
